ftos.utils.html.sanitize
Sanitizes a string containing HTML code. Removes JavaScript, <style> and <script> tags, inline event handlers (e.g., onclick), and HTML comments.
Syntax
ftos.utils.html.sanitize(html: string): string
| Parameter | Type | Description |
|---|---|---|
| html | string | The HTML code to sanitize, removing elements and attributes that may lead to cross-site scripting (XSS). |
Return Value
Returns a string of sanitized HTML code.
IMPORTANT!
This is a best-effort sanitization only. For full protection against XSS and other injection attacks, it is recommended to use a dedicated third-party security service or app.
Example
This example sanitizes HTML code stored in the userInput variable and saves the sanitized result in the safeHtml variable.
var userInput = `
<div>
<h2>Welcome!</h2>
<p onclick="alert('Hacked!')">Click me</p>
<script>stealCookies()</script>
<!-- This is a comment -->
</div>
`;
var safeHtml = ftos.utils.html.sanitize(userInput);
This results in the following sanitized HTML stored in the safeHtml variable:
<div>
<h2>Welcome!</h2>
<p>Click me</p>
</div>
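The following is an added illustration, not the ftos implementation: a small regex-based sanitizer that models the removal rules this page describes (script and style elements with their bodies, inline on* event handlers, HTML comments), plus a post-check that flags anything those rules leave behind. The function names bestEffortSanitize and residualXssFindings and the sample input are assumptions constructed for the example; the javascript: URL case shows why the note above calls this best-effort.

```javascript
// Added example: models the behaviour described on this page.
// NOT the ftos.utils.html.sanitize implementation and, as the page warns,
// not a complete XSS defence on its own.
function bestEffortSanitize(html) {
  return html
    // <script>/<style> elements including their contents (case-insensitive)
    .replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "")
    // HTML comments
    .replace(/<!--[\s\S]*?-->/g, "")
    // inline event handler attributes: onclick="..", onerror='..', onload=x
    .replace(/\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)/gi, "")
    // drop the blank lines the removals leave behind
    .replace(/^\s*[\r\n]/gm, "");
}

// Defensive post-check before rendering: list the constructs that a
// sanitizer of this kind is expected to remove but that are still present.
// An empty list means the checks passed.
function residualXssFindings(html) {
  const checks = [
    [/<script\b/i, "script element"],
    [/<style\b/i, "style element"],
    [/\son\w+\s*=/i, "inline event handler"],
    [/<!--/, "HTML comment"],
    [/javascript:/i, "javascript: URL"], // not covered by the removal rules above
  ];
  return checks.filter(([re]) => re.test(html)).map(([, label]) => label);
}

// Constructed sample input, same shape as the page's userInput example.
const sampleInput = `
<div>
<h2>Welcome!</h2>
<p onclick="alert('Hacked!')">Click me</p>
<script>stealCookies()</script>
<!-- This is a comment -->
</div>
`;

const sanitized = bestEffortSanitize(sampleInput);
console.log(sanitized);                      // <div> ... <p>Click me</p> ... </div>
console.log(residualXssFindings(sanitized)); // []

// A javascript: href is untouched by these rules; the post-check flags it.
const link = bestEffortSanitize('<a href="javascript:alert(1)">x</a>');
console.log(residualXssFindings(link));      // [ 'javascript: URL' ]
```

The post-check is the kind of guard worth running on sanitized output regardless of which sanitizer produced it, since it catches the cases the documented rules do not claim to handle.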