
HTML Sanitizer

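  // Untrusted HTML input; the <script> element is what the sanitizer is expected to strip.
  const unsanitized_string = "abc <script>alert(1)</script> def";

  // Default-configured sanitizer.
  // NOTE(review): sanitizeFor() comes from an early draft of the HTML Sanitizer API and is
  // not available in every browser. Feature-detect it before relying on it; the current
  // API surface is Element.setHTML().
  const sanitizer = new Sanitizer();

  // Parse and sanitize the string in the context of a <div>. The result is an element,
  // not a string, so it can be inserted without a second parse.
  const sanitizedDiv = sanitizer.sanitizeFor("div", unsanitized_string);

  // We can verify the returned element type, and view the sanitized HTML in string form:
  console.log(sanitizedDiv instanceof HTMLDivElement);
  // true
  console.log(sanitizedDiv.innerHTML);
  // "abc  def"

  // At some point later ...

  // Get the element to update. This must be a div to match our sanitizeFor() context.
  // Move the sanitized nodes across as nodes; re-parsing innerHTML in a different context
  // could change how the markup is interpreted.
  // Spread childNodes: replaceChildren() takes individual nodes or strings, so an unspread
  // collection would be inserted as its string form, and .children would drop the text
  // nodes ("abc  def" here consists only of text).
  document.querySelector("div#target").replaceChildren(...sanitizedDiv.childNodes);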

Interesting… From MDN
