@gravityforms/utils/src/data/escape-scripts.js

JavaScript utilities for Gravity Forms development.

/**
 * @module escapeScripts
 * @description Sanitizes a string by removing script tags and returning a safe string to be outputted on a page.
 *
 * @since 1.0.0
 *
 * @param {string} unsafe The string to be escaped/sanitized.
 *
 * @return {string} Returns a string with all script tags removed.
 *
 * @example
 * import { escapeScripts } from "@gravityforms/utils";
 *
 * function Example() {
 *   const unsafeString = 'Some text <script>alert( "I am unsafe" );</script> that is not safe';
 * 	 const safeString = escapeScripts( unsafeString );
 * }
 *
 */
export default function( unsafe = '' ) {
	return String( unsafe )
		.replace( /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '' );
}