sanitizeHtml
Updated pdexter 2022-10-22
Sanitises HTML strings to ensure there is no script injection.
Assigning unchecked HTML to elements of the page can, under some circumstances, break the page, or worse. This function is designed to scan any HTML string and prevent any script injection from occurring.
(client-side function)
Availability
Available from JayRule v20210211 (Indolent Iguana ++)
Syntax
value = ft3.sanitizeHtml( html )
Part | Description |
---|---|
value | the sanitised HTML returned. |
html | the raw HTML to sanitise. |
Example
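// Malformed IMG tag followed by a SCRIPT element
var badHtml = '<div>aaa</div><IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>';

// Sanitise before assigning the string as an element's HTML
$('div#divParentcmdRunMe12 button').html(ft3.sanitizeHtml(badHtml));

// Sanitise before passing the string to a modal as its HTML body
ft3.ModalService.openModal({
  title : 'san html test',
  html : ft3.sanitizeHtml(badHtml)
});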
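
The following is an added example, not JayRule code: a coarse regression audit that runs sample strings through a sanitiser and reports any output that still contains script-capable markup. `findActiveContent`, `auditSanitizer`, `escapeAll` and `SAMPLES` are hypothetical names. `escapeAll` is a stand-in so the audit runs outside the browser and does not describe how ft3.sanitizeHtml works. The tag scan is regex-based and approximate, not a full HTML parser.

```javascript
// Added example: coarse post-sanitisation audit (not JayRule code).
// Flags markup that could still execute script after a sanitiser has run.
const ACTIVE_TAGS = new Set(['script', 'iframe', 'object', 'embed']);

function findActiveContent(html) {
  const findings = [];
  const tagRe = /<\s*([a-zA-Z][^\s/>]*)([^>]*)>/g; // opening tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = m[2];
    if (ACTIVE_TAGS.has(tag)) findings.push('element:' + tag);
    // Inline event-handler attributes (on<name>=...)
    const handler = /(?:^|[\s"'/])(on[a-z]+)\s*=/i.exec(attrs);
    if (handler) findings.push('handler:' + handler[1].toLowerCase());
    // Script-scheme URLs in attribute values
    if (/=\s*["']?\s*javascript:/i.test(attrs)) findings.push('url:javascript');
  }
  return findings;
}

// Runs each sample through the sanitiser under test and returns only the
// samples whose output still contains active content.
function auditSanitizer(sanitize, samples) {
  return samples
    .map(input => ({ input, findings: findActiveContent(sanitize(input)) }))
    .filter(r => r.findings.length > 0);
}

// Hypothetical stand-in so the audit runs offline: it encodes every HTML
// metacharacter, which is NOT necessarily what ft3.sanitizeHtml does.
function escapeAll(html) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return html.replace(/[&<>"']/g, c => map[c]);
}

const SAMPLES = [
  '<div>aaa</div><IMG """><SCRIPT>alert("XSS")</SCRIPT>"\>', // badHtml from this page
  '<b onclick="void 0">bold</b>',                             // constructed sample
  '<p>plain paragraph</p>'                                    // constructed, benign
];
```

In a JayRule page, `auditSanitizer(ft3.sanitizeHtml, SAMPLES)` should return an empty array; any entry it returns names the input and what survived.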