@gechiui/dom/build-module/dom/safe-html.js

DOM utilities module for GeChiUI.

/**
 * Internal dependencies
 */
import remove from './remove';
/**
 * Strips scripts and on* attributes from HTML.
 *
 * @param {string} html HTML to sanitize.
 *
 * @return {string} The sanitized HTML.
 */

export default function safeHTML(html) {
  const {
    body
  } = document.implementation.createHTMLDocument('');
  body.innerHTML = html;
  const elements = body.getElementsByTagName('*');
  let elementIndex = elements.length;

  while (elementIndex--) {
    const element = elements[elementIndex];

    if (element.tagName === 'SCRIPT') {
      remove(element);
    } else {
      let attributeIndex = element.attributes.length;

      while (attributeIndex--) {
        const {
          name: key
        } = element.attributes[attributeIndex];

        if (key.startsWith('on')) {
          element.removeAttribute(key);
        }
      }
    }
  }

  return body.innerHTML;
}
//# sourceMappingURL=safe-html.js.map