JavaScript

A5.u.html.sanitize Method

Syntax

A5.u.html.sanitize(value)

Arguments

value (string)

The string containing the HTML to sanitize.

Returns

value (string)

The string with the HTML sanitized.

Description

Sanitize HTML in a string.

Discussion

This method takes an arbitrary string and neutralizes known HTML security issues by renaming the offending markup rather than removing it. Dangerous tags (such as IFRAME and SCRIPT) and dangerous attributes (JavaScript event handlers such as onerror, HREF values that use the javascript: scheme, and similar) are renamed so that the browser no longer recognizes them; the example below shows onerror becoming no-onerror, and url() references being removed from an inline style. Because the attribute values themselves are preserved, the result is still untrusted markup: inspect the output rather than assuming every payload was caught, and prefer plain escaping over this method when the string does not need to be rendered as HTML.

Example

var html = "<img src=\"#\" onerror=\"alert('evil')\" style=\"background: url(evil.png) rgb(255,0,0)\"/>";
html = A5.u.html.sanitize(html);
// html is now "<img src=\"#\" no-onerror=\"alert('evil')\" style=\"background:  rgb(255,0,0)\"/>"
// onerror was renamed to no-onerror, and url(evil.png) was removed from the style attribute
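The following is an added example and is not Alpha Anywhere's code. sanitizeLikeA5() is a stand-in that reproduces the renaming strategy described in the Discussion so the behaviour can be studied offline, and findExecutableResidue() is the post-condition check a caller can run over any sanitizer's output before inserting it into the DOM. The tag list beyond IFRAME and SCRIPT, the no- prefix for tags (the page shows it only for attributes), the regex-based parsing and both sample inputs are assumptions made here; the first sample is the page's own example, the second is a constructed payload with mixed case and an embedded tab.

```javascript
// Added example, not Alpha Anywhere's code: a stand-in sanitizer that mirrors the
// documented renaming strategy, plus an independent check of what is left over.
// Assumptions: the tag list beyond IFRAME/SCRIPT, the "no-" prefix for tags, and
// the regex-based parsing (a real sanitizer should work on a parsed DOM).

const DANGEROUS_TAGS = ["script", "iframe", "object", "embed"]; // assumed list

function sanitizeLikeA5(html) {
  let out = html;

  // 1. Rename dangerous opening and closing tags (case-insensitive) so the
  //    browser treats them as unknown elements: <SCRIPT> -> <no-script>.
  for (const tag of DANGEROUS_TAGS) {
    out = out.replace(new RegExp(`<(\\/?)${tag}\\b`, "gi"), `<$1no-${tag}`);
  }

  // 2. Rename event-handler attributes: onerror="..." -> no-onerror="...".
  //    The value is kept, so the renamed attribute is inert but still present.
  out = out.replace(/(\s)(on[a-z]+)(\s*=)/gi, "$1no-$2$3");

  // 3. Rename href/src whose value is a javascript: URL. Whitespace and control
  //    characters are stripped before the scheme check, because browsers ignore
  //    them ("java\tscript:" still runs).
  out = out.replace(
    /(\s)(href|src)(\s*=\s*)(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi,
    (m, ws, name, eq, dq, sq, bare) => {
      const value = dq ?? sq ?? bare ?? "";
      const scheme = value.replace(/[\s\x00-\x1f]/g, "").toLowerCase();
      return scheme.startsWith("javascript:") ? m.replace(name, `no-${name}`) : m;
    }
  );

  // 4. Drop url(...) from inline style; the rest of the declaration survives,
  //    which is why the page's example shows a doubled space after "background:".
  out = out.replace(/(style\s*=\s*")([^"]*)(")/gi,
    (m, pre, css, post) => pre + css.replace(/url\([^)]*\)/gi, "") + post);

  return out;
}

// Post-condition check: report anything in `html` that a browser could still
// execute. It does not depend on which sanitizer produced the string.
// Limitation: entity-encoded payloads (e.g. &#106;avascript:) are not decoded.
function findExecutableResidue(html) {
  const findings = [];
  const tagRe = new RegExp(`<\\s*\\/?\\s*(${DANGEROUS_TAGS.join("|")})\\b`, "i");
  if (tagRe.test(html)) findings.push("dangerous tag present");

  const attrRe = /([a-z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  let m;
  while ((m = attrRe.exec(html)) !== null) {
    const name = m[1].toLowerCase();
    const value = m[2] ?? m[3] ?? m[4] ?? "";
    const normalized = value.replace(/[\s\x00-\x1f]/g, "").toLowerCase();
    if (/^on[a-z]+$/.test(name)) findings.push(`event handler attribute: ${name}`);
    if ((name === "href" || name === "src") && normalized.startsWith("javascript:")) {
      findings.push(`javascript: URL in ${name}`);
    }
    if (name === "style" && /url\(|expression\(/i.test(value)) {
      findings.push("url()/expression() in style");
    }
  }
  return findings;
}

// Constructed sample inputs: the page's own example, plus a payload that uses
// mixed case and an embedded tab to dodge naive string matching.
const PAGE_EXAMPLE =
  '<img src="#" onerror="alert(\'evil\')" style="background: url(evil.png) rgb(255,0,0)"/>';
const EVASIVE_EXAMPLE =
  '<ScRiPt>alert(1)</sCrIpT><a HREF=" JAVA\tscript:alert(1)">x</a>';

for (const input of [PAGE_EXAMPLE, EVASIVE_EXAMPLE]) {
  const clean = sanitizeLikeA5(input);
  console.log("before:", findExecutableResidue(input));
  console.log("after :", clean, findExecutableResidue(clean));
}
```

Running the stand-in over the page's example yields exactly the string shown in the Example above, including the doubled space left where url(evil.png) was. The second input shows why the scheme check normalizes whitespace and case before comparing, and findExecutableResidue() is the kind of check worth keeping in a test suite regardless of which sanitizer is in use, since a renaming sanitizer's output still carries the attacker's text.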