UNPKG

jodit

Version:

Jodit is an awesome and useful wysiwyg editor with filebrowser

xdsoft.net/jodit/

xdan/jodit

46 lines (45 loc) 1.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
/*! * Jodit Editor (https://xdsoft.net/jodit/) * Released under MIT see LICENSE.txt in the project root for license information. * Copyright (c) 2013-2025 Valeriy Chupurnov. All rights reserved. https://xdsoft.net */ /** * @module helpers/html */ import { Dom } from "../../dom/dom.js"; import { $$, attr } from "../utils/index.js"; /** * Removes dangerous constructs from HTML */ export function safeHTML(box, options) { if (!Dom.isElement(box) && !Dom.isFragment(box)) { return; } if (options.removeOnError) { sanitizeHTMLElement(box); $$('[onerror]', box).forEach(elm => sanitizeHTMLElement(elm, options)); } if (options.safeJavaScriptLink) { sanitizeHTMLElement(box); $$('a[href^="javascript"]', box).forEach(elm => sanitizeHTMLElement(elm, options)); } } export function sanitizeHTMLElement(elm, { safeJavaScriptLink, removeOnError } = { safeJavaScriptLink: true, removeOnError: true }) { if (!Dom.isElement(elm)) { return false; } let effected = false; if (removeOnError && elm.hasAttribute('onerror')) { attr(elm, 'onerror', null); effected = true; } const href = elm.getAttribute('href'); if (safeJavaScriptLink && href && href.trim().indexOf('javascript') === 0) { attr(elm, 'href', location.protocol + '//' + href); effected = true; } return effected; }