UNPKG

jessquery

Version:

Modern JavaScript is pretty good, but typing document.querySelector() is a pain. This is a tiny library that makes DOM manipulation easy. jQuery is around 80kb (30kb gzipped), while this is only around 8kb (3.5kb gzipped). Lots of JSDoc comments so it's s

jazzypants.dev

jazzypants1989/jessquery

50 lines (41 loc) 1.66 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" /> <title>DOM Manipulation with $ and $$</title> </head> <body> <div id="content"> <p class="paragraph">This is a paragraph.</p> <p class="paragraph">This is another paragraph.</p> </div> <script type="module"> import { $, $$ } from "../index.js" // const paragraphs = $$(".paragraph") // paragraphs.css("color", "blue") // contentDiv.attach( // '<p class="prepended">This is a prepended paragraph.</p>', // { position: "prepend" } // ) // // contentDiv.attach( // '<p class="attached">This is an appended paragraph.</p>', // ) const unsafeHtml = `<img src="x" onerror="alert(\'XSS Attack\')"> <span style="color: red">This is a span.</span> <p class="paragraph">This is a paragraph.</p> <p class="paragraph">This is another paragraph.</p> <script>alert("No worries!")<` + `/script>` const sanitizer = new Sanitizer({ allowElements: ["p"], }) const contentDiv = $("#content").sanitize(unsafeHtml, { sanitizer }) // const noWorries = `<scr` + `ipt>alert("No worries!")</scr` + `ipt>` // const contentDiv = $("#content").html(noWorries) // contentDiv.attach(unsafeHtml, { sanitize: false }) // will not get sanitized-- will trigger alert // contentDiv.attach(unsafeHtml) // will get sanitized-- so only one alert will trigger </script> </body> </html>