Open chladnefazole opened 2 years ago
Hi, @chladnefazole please try this example code:
var dirtyHtml =
  '<!doctype html><head><meta charset="utf-8" name="xx" content="yy"><title>Test</title><style></style></head><body class="aa"><footer></footer><div></div></body>';
var sanitizerOptions = {
  whiteList: {
    "!doctype": ["html"],
    meta: ["name", "content", "charset"],
    html: ["lang"],
    style: [],
    head: [],
    title: [],
    body: ["class"],
    footer: [],
  },
};
var cleanHtml = filterXSS(dirtyHtml, sanitizerOptions);
console.log(cleanHtml);
We can get the following result:
<!doctype html><head><meta charset="utf-8" name="xx" content="yy"><title>Test</title><style></style></head><body class="aa"><footer></footer><div></div></body>
I have whitelist:
But style, head, body, html tags are all being escaped still. table, tr, td, tbody, p, h1, h2 tags are not escaped. Basically, the list does nothing at all.
I am using the library via a CDN and therefore I'm calling the function like so:
var cleanHtml = filterXSS(dirtyHtml, sanitizerOptions);
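
A way to check which tags and attributes in a given input fall outside a `whiteList` object, run on the markup and options posted in this thread. This is an added example, not code from the thread or from the xss library; `auditWhiteList`, `sampleHtml`, `threadOptions` and `tableOnlyOptions` are hypothetical names, and the helper only compares names against the list, it does not sanitize.

```javascript
// Added diagnostic helper (hypothetical), not part of the xss library.
// It only compares markup against options.whiteList; it never sanitizes.
function auditWhiteList(html, options) {
  const whiteList = options && options.whiteList;
  if (!whiteList || typeof whiteList !== "object") {
    // A missing or misspelled key (e.g. "whitelist") fails loudly here.
    throw new TypeError("options.whiteList must map tag names to attribute arrays");
  }
  // Lower-case tag and attribute names so the comparison is case-insensitive.
  const allowed = new Map(
    Object.entries(whiteList).map(([tag, list]) => [
      tag.toLowerCase(),
      new Set((list || []).map((a) => a.toLowerCase())),
    ])
  );
  const missingTags = new Set();
  const missingAttrs = new Set();
  // Opening tags only; a closing tag such as </div> starts with "/" and is skipped.
  const tagRe = /<([!a-z][^\s>\/]*)((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  const attrRe = /([^\s"'=\/]+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  for (const tag of html.matchAll(tagRe)) {
    const name = tag[1].toLowerCase();
    if (!allowed.has(name)) {
      missingTags.add(name); // whole tag is outside the list, attributes are moot
      continue;
    }
    for (const attr of tag[2].matchAll(attrRe)) {
      const attrName = attr[1].toLowerCase();
      if (!allowed.get(name).has(attrName)) missingAttrs.add(name + "[" + attrName + "]");
    }
  }
  return { tagsNotListed: [...missingTags].sort(), attrsNotListed: [...missingAttrs].sort() };
}

// Markup and options copied from the reply in this thread.
const sampleHtml =
  '<!doctype html><head><meta charset="utf-8" name="xx" content="yy"><title>Test</title><style></style></head><body class="aa"><footer></footer><div></div></body>';
const threadOptions = {
  whiteList: { "!doctype": ["html"], meta: ["name", "content", "charset"], html: ["lang"],
    style: [], head: [], title: [], body: ["class"], footer: [] },
};
// Constructed contrast case: a list that holds only table and text tags.
const tableOnlyOptions = { whiteList: { table: [], tr: [], td: [], tbody: [], p: [], h1: [], h2: [] } };

console.log(auditWhiteList(sampleHtml, threadOptions));
console.log(auditWhiteList(sampleHtml, tableOnlyOptions));
```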