@gechiui/dom
DOM utilities module for GeChiUI.
;
// Babel runtime helper used below to wrap the result of require("./remove"),
// so the function is called as `_remove.default`.
var _interopRequireDefault = require("@babel/runtime/helpers/interopRequireDefault");
// Flag this CommonJS module as an ES-module-style export.
Object.defineProperty(exports, "__esModule", {
value: true
});
// safeHTML is a function declaration, so it is hoisted and can be assigned
// before its definition further down.
exports.default = safeHTML;
// Sibling module whose default export safeHTML calls on each script element it
// finds; its behaviour is not visible in this file.
var _remove = _interopRequireDefault(require("./remove"));
/**
* Internal dependencies
*/
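/**
 * Strips script elements and on* event-handler attributes from HTML.
 *
 * The markup is parsed into a separate document created with
 * `document.implementation.createHTMLDocument`, not into the page's own
 * document, and is serialized again after filtering.
 *
 * Scope: only elements named `script` and attributes whose name starts with
 * `on` are removed. Attribute values (for example URL schemes in `href` or
 * `src`) and every other element are left untouched, so the result is
 * reduced-risk markup, not fully sanitized untrusted HTML. Where the input is
 * attacker-controlled, pair this with an allow-list sanitizer and a Content
 * Security Policy.
 *
 * @param {string} html HTML to sanitize.
 *
 * @return {string} The sanitized HTML.
 */
function safeHTML(html) {
  const { body } = document.implementation.createHTMLDocument('');
  body.innerHTML = html;
  const elements = body.getElementsByTagName('*');

  // Walk backwards: `elements` is a live collection in document order, so
  // removing a node only drops entries at or after the current index.
  for (let elementIndex = elements.length - 1; elementIndex >= 0; elementIndex--) {
    const element = elements[elementIndex];

    // `tagName` is upper-cased only for HTML-namespace elements. A script
    // element nested in SVG or MathML reports "script" and would slip past a
    // comparison with 'SCRIPT'; `localName` is lower-case in every namespace
    // the HTML parser produces.
    if (element.localName === 'script') {
      (0, _remove.default)(element);
      continue;
    }

    // Snapshot the names first so removals cannot disturb the iteration over
    // the live attribute map.
    const attributeNames = Array.from(element.attributes, ({ name }) => name);
    for (const key of attributeNames) {
      if (key.startsWith('on')) {
        element.removeAttribute(key);
      }
    }
  }

  return body.innerHTML;
}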
//# sourceMappingURL=safe-html.js.map