mzhilyaev closed 10 years ago
We can also use bleach from here https://github.com/brianloveswords/bleach.js
Importing bleach.js exposes an object called Bleach in the global scope.
Running a few test strings:
> Bleach.clean("& this is awesome");
"& this is awesome"
> Bleach.clean("sweet & sour");
"sweet & sour"
For HTML tags, if you want to escape, you need to give it a whitelist. By default, it will allow all tags.
> Bleach.clean("a <a href='javascript:evilness()'>i'll be good i promise</a>");
"a <a href="javascript:evilness()">i'll be good i promise</a>"
> Bleach.clean("a <a href='javascript:evilness()'>i'll be good i promise", {tags: []});
"a <a href="javascript:evilness()">i'll be good i promise</a>"
If you want to strip out all HTML altogether, in addition to the tags whitelist, you can specify the strip parameter.
> Bleach.clean("a <a href='javascript:evilness()'>i'll be good i promise</a>", {strip: true, tags: []});
"a i'll be good i promise"
js/bleach.js seems to clash with nytimes ribbon. Here's an error I get when loading bleach along with headliner-ribbon.js
JavaScript error: http://a1.nyt.com/assets/foundation/20140131-140053/js/foundation/lib/framework.js, line 1: Error: Mismatched anonymous define() module: function () {....
According to amo-editor, we need to do that when concatenation happens.
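In the default-tags output quoted in the thread, the `javascript:` href comes back unchanged. The following is an added example, not code from this thread or from bleach.js: a scheme allowlist check for href values that relies on the WHATWG `URL` parser to normalise case, leading whitespace and embedded tabs. The names `isSafeHref` and `auditHrefs`, the base URL and the allowed schemes are assumptions.

```javascript
// Added example: decide whether an href may be rendered as a link.
// ALLOWED_SCHEMES and BASE are assumptions chosen for illustration.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://example.invalid/"; // placeholder used to resolve relative hrefs

function isSafeHref(href) {
  if (typeof href !== "string") return false;
  let url;
  try {
    // The parser lowercases the scheme, trims leading/trailing spaces and
    // control characters, and removes tabs/newlines, so "JaVaScRiPt:" and
    // "java\tscript:" both end up with protocol "javascript:".
    url = new URL(href, BASE);
  } catch (e) {
    return false; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol);
}

// Return the hrefs that would be rejected, with the scheme the parser saw.
function auditHrefs(hrefs) {
  const rejected = [];
  for (const href of hrefs) {
    if (isSafeHref(href)) continue;
    let scheme = "(unparseable)";
    try { scheme = new URL(href, BASE).protocol; } catch (e) { /* keep default */ }
    rejected.push({ href, scheme });
  }
  return rejected;
}

// Constructed sample inputs; the first is the href from the thread.
const SAMPLE_HREFS = [
  "javascript:evilness()",
  "  JaVaScRiPt:evilness()",
  "java\tscript:evilness()",
  "data:text/html,hello",
  "https://example.invalid/story",
  "/relative/path",
  "mailto:someone@example.invalid",
];

console.log(auditHrefs(SAMPLE_HREFS));
```
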