UNPKG

@wordpress/dom

Version:

DOM utilities module for WordPress.

github.com/WordPress/gutenberg/tree/HEAD/packages/dom/README.md

WordPress/gutenberg

39 lines (32 loc) 847 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
/** * Internal dependencies */ import remove from './remove'; /** * Strips scripts and on* attributes from HTML. * * @param {string} html HTML to sanitize. * * @return {string} The sanitized HTML. */ export default function safeHTML( html ) { const { body } = document.implementation.createHTMLDocument( '' ); body.innerHTML = html; const elements = body.getElementsByTagName( '*' ); let elementIndex = elements.length; while ( elementIndex-- ) { const element = elements[ elementIndex ]; if ( element.tagName === 'SCRIPT' ) { remove( element ); } else { let attributeIndex = element.attributes.length; while ( attributeIndex-- ) { const { name: key } = element.attributes[ attributeIndex ]; if ( key.startsWith( 'on' ) ) { element.removeAttribute( key ); } } } } return body.innerHTML; }