A5.u.html.sanitize Method
Syntax
A5.u.html.sanitize(value)
Arguments
- value (string)
  The string containing the HTML to sanitize.
Returns
- value (string)
  The string with its HTML sanitized.
Description
Sanitize HTML in a string.
Discussion
This method takes an arbitrary string and neutralizes known HTML security issues by renaming dangerous tags (such as IFRAME, SCRIPT, etc.) and dangerous attributes (JavaScript event handlers, HREF values using a JavaScript scheme, etc.). The tags and attributes are renamed rather than removed, as the example below shows.
Example
var html = "<img src=\"#\" onerror=\"alert('evil')\" style=\"background: url(evil.png) rgb(255,0,0)\"/>";
html = A5.u.html.sanitize(html);
// html = "<img src=\"#\" no-onerror=\"alert('evil')\" style=\"background: rgb(255,0,0)\"/>"
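To make the renaming behaviour concrete, here is an added, self-contained illustration of the same approach (it is not A5's own code and does not show how A5.u.html.sanitize is implemented). The tag list, the attribute list, the "no-" prefix and the helper names sanitizeHtml, sanitizeTag and hasScriptScheme are assumptions modelled on the page's example output. It is regex based and does not decode HTML entities or handle malformed markup, so it demonstrates the transformation rather than replacing a real parser-based sanitizer.

```javascript
// Added example, not A5's implementation: rename dangerous tags and
// attributes in the style of the page's sanitize() output.
// Tag/attribute lists and the "no-" prefix are assumptions.

const DANGEROUS_TAGS = new Set(["script", "iframe", "object", "embed", "link", "meta", "base", "form"]);
const URL_ATTRS = new Set(["href", "src", "action", "formaction", "xlink:href"]);

// One attribute: leading whitespace, a name, and an optional =value
// (double-quoted, single-quoted or bare).
const ATTR_RE = /\s([a-zA-Z_:][\w:.-]*)(\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;

// True when a URL value uses a script scheme. Whitespace and control
// characters are dropped first because browsers ignore them inside the scheme.
function hasScriptScheme(value) {
  const normalized = value.replace(/[\s\u0000-\u001f]/g, "").toLowerCase();
  return /^(javascript|vbscript):/.test(normalized);
}

// Neutralise the attributes of a single tag: event handlers and
// script-scheme URLs get the "no-" prefix, url() is stripped from style.
function sanitizeTag(tag) {
  return tag.replace(ATTR_RE, (match, name, assignment) => {
    const lower = name.toLowerCase();
    const rawValue = assignment ? assignment.replace(/^\s*=\s*/, "") : "";
    const unquoted = rawValue.replace(/^["']|["']$/g, "");
    if (/^on\w+/.test(lower)) {
      return ` no-${name}${assignment || ""}`;
    }
    if (URL_ATTRS.has(lower) && hasScriptScheme(unquoted)) {
      return ` no-${name}${assignment || ""}`;
    }
    if (lower === "style") {
      const cleaned = unquoted
        .replace(/url\s*\([^)]*\)\s*/gi, "")
        .trim()
        .replace(/"/g, "&quot;");
      return ` style="${cleaned}"`;
    }
    return match;
  });
}

function sanitizeHtml(value) {
  // Pass 1: rename dangerous tags (opening and closing) so the browser
  // treats them as inert unknown elements.
  const renamed = value.replace(/<(\/?)([a-zA-Z][\w-]*)/g, (match, slash, tag) =>
    DANGEROUS_TAGS.has(tag.toLowerCase()) ? `<${slash}no-${tag}` : match
  );
  // Pass 2: clean the attributes of every remaining tag.
  return renamed.replace(/<[^>]+>/g, (tag) => sanitizeTag(tag));
}

// Constructed sample: the same input the page's example uses.
const sample = "<img src=\"#\" onerror=\"alert('evil')\" style=\"background: url(evil.png) rgb(255,0,0)\"/>";
console.log(sanitizeHtml(sample));
```

Running the block prints the same string the page gives as the result of A5.u.html.sanitize for that input. Because renamed attributes keep their original name under the prefix, sanitizing an already sanitized string leaves it unchanged, which is a useful property to check in a unit test.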