Carleton University - School of Computer Science Honours Project
Summer 2020
Neutralizing Cross-Site Scripting Vulnerabilities Without Loss of Data in Shopify's Rich Text Editor
Nicholas Ellul
ABSTRACT
If rendering user-provided input to a webpage is the source of cross-site scripting vulnerabilities, then what do you do when it becomes a feature? This project creates a solution to one of Shopify's longest-standing cross-site scripting vulnerabilities, found in the rich text editor. Centred around Cure53's DOMPurify, I develop a security utility that sanitizes merchant content while encoding metadata that allows the content to be restored later to its original form.
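The sanitize-and-restore idea the abstract describes, as an added example that is not the project's code: a plain JavaScript node tree stands in for the DOM so it runs in Node.js without DOMPurify, and the allow-lists, the `data-sanitized` attribute name and the sample content are this example's own assumptions.

```javascript
// Added example, not the project's code: a plain node tree stands in for the DOM so it runs in
// Node.js without DOMPurify; allow-lists and the "data-sanitized" attribute name are assumptions.
const ALLOWED_TAGS = new Set(["p", "b", "i", "a", "img", "span"]);
const ALLOWED_ATTRS = new Set(["href", "src", "alt", "class"]);
const SAFE_URL = /^(https?:|mailto:|\/|#)/i; // only these prefixes pass; javascript: does not

function isSafeAttr(name, value) {
  if (!ALLOWED_ATTRS.has(name)) return false; // drops event handlers, style, etc.
  return name === "href" || name === "src" ? SAFE_URL.test(value.trim()) : true;
}

// Drop anything the storefront renderer must never see, but record each removal as
// base64 JSON on the nearest surviving element so the editor can later undo it.
function sanitize(node) {
  if (typeof node === "string") return node; // text nodes pass through
  const removed = [], attrs = {}, children = [];
  for (const [name, value] of Object.entries(node.attrs)) {
    if (isSafeAttr(name, value)) attrs[name] = value;
    else removed.push({ kind: "attr", name, value });
  }
  node.children.forEach((child, index) => {
    if (typeof child === "string" || ALLOWED_TAGS.has(child.tag)) children.push(sanitize(child));
    else removed.push({ kind: "node", index, node: child }); // whole subtree kept verbatim
  });
  if (removed.length) attrs["data-sanitized"] = Buffer.from(JSON.stringify(removed)).toString("base64");
  return { tag: node.tag, attrs, children };
}

// Inverse of sanitize(); meant for the editor, where the content is edited, not rendered.
function restore(node) {
  if (typeof node === "string") return node;
  const { "data-sanitized": encoded, ...attrs } = node.attrs;
  const removed = encoded ? JSON.parse(Buffer.from(encoded, "base64").toString("utf8")) : [];
  const droppedAt = new Map();
  for (const r of removed) {
    if (r.kind === "attr") attrs[r.name] = r.value;
    else droppedAt.set(r.index, r.node);
  }
  const kept = node.children.map(restore), children = [];
  for (let i = 0, k = 0; i < kept.length + droppedAt.size; i++) {
    children.push(droppedAt.has(i) ? droppedAt.get(i) : kept[k++]);
  }
  return { tag: node.tag, attrs, children };
}

// Constructed sample of merchant content carrying the usual rich-text payload shapes.
const SAMPLE = { tag: "p", attrs: {}, children: ["Hello ",
  { tag: "img", attrs: { src: "https://cdn.example/x.png", onerror: "alert(1)" }, children: [] },
  { tag: "script", attrs: {}, children: ["alert(1)"] },
  { tag: "a", attrs: { href: "javascript:alert(1)" }, children: ["link"] },
]};
```

Rendering `sanitize(SAMPLE)` yields only allow-listed tags and attributes plus an inert base64 string, while `restore(sanitize(SAMPLE))` hands the editor back the merchant's exact original tree.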