
sanitizeHtml

Updated pdexter 2022-10-22

Sanitises HTML strings to ensure there is no script injection.

Carelessly setting the HTML of page elements from untrusted input can, under some circumstances, break the page or worse. This function scans an HTML string and prevents any script injection from occurring before the string is inserted into the page.

(client-side function)

Availability

Available from JayRule v20210211 (Indolent Iguana ++)

Syntax

value = ft3.sanitizeHtml( html )

Part    Description
value   The sanitised HTML returned.
html    The raw HTML to sanitise.

Example

// Deliberately unsafe input: a stray IMG tag followed by a SCRIPT element.
var badHtml = '<div>aaa</div><IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>';

// Sanitise before inserting into the DOM instead of passing badHtml directly to .html().
$('div#divParentcmdRunMe12 button').html(ft3.sanitizeHtml(badHtml));

// The same rule applies to any API that renders an HTML string, such as a modal body.
ft3.ModalService.openModal({
    title : 'san html test',
    html : ft3.sanitizeHtml(badHtml)
});
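As an added illustration of what sanitising (as opposed to plain encoding) means, the following is an allowlist-based sanitiser run over the page's own example payload. It is not ft3.sanitizeHtml's implementation, which this page does not describe; the function and tag names are assumed for the example.

```javascript
// Added example, not ft3's code: an allowlist sanitiser. The output consists only
// of canonical <tag>/</tag> tokens for allowed tag names plus entity-encoded text,
// so no attribute (and therefore no on* handler or javascript: URL) can survive.
const ALLOWED_TAGS = new Set(['div', 'p', 'span', 'b', 'i', 'em', 'strong', 'br']);

// Entity-encode a text fragment so the browser renders it literally.
function escapeHtml(text) {
  return text
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

function sanitizeHtmlDemo(html) {
  const tagRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)[^>]*>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    out += escapeHtml(html.slice(last, m.index));          // text before the tag
    const name = m[2].toLowerCase();
    out += ALLOWED_TAGS.has(name) ? `<${m[1]}${name}>`     // keep tag, drop attributes
                                   : escapeHtml(m[0]);      // unknown tag becomes text
    last = tagRe.lastIndex;
  }
  return out + escapeHtml(html.slice(last));               // trailing text
}

// Check a practitioner would run on any sanitiser's output: no executable
// element and no tag carrying an on* event attribute remains.
function looksInert(html) {
  return !/<(script|img|iframe|object|embed|svg)\b/i.test(html) &&
         !/<[a-z][a-z0-9]*\s+[^>]*on[a-z]+\s*=/i.test(html);
}

// Payload copied from the page's Example section.
const badHtml = '<div>aaa</div><IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>';

console.log(sanitizeHtmlDemo(badHtml));
// <div>aaa</div>&lt;IMG &quot;&quot;&quot;&gt;&lt;SCRIPT&gt;alert(&quot;XSS&quot;)&lt;/SCRIPT&gt;&quot;&gt;
console.log(looksInert(badHtml), looksInert(sanitizeHtmlDemo(badHtml)));   // false true
```

The IMG and SCRIPT fragments are rendered as visible text rather than parsed as elements, while the allowlisted div survives intact.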

See Also

htmlEncode