wwUtils.SanitizeHtml

A rudimentary HTML Sanitizer that removes scriptable content from HTML. You can use this to clean up user captured HTML and rendered Markdown to avoid XSS attacks.

o.wwUtils.SanitizeHtml(lcHtml,lcHtmlTagBlacklist)

Parameters

lcHtml
The HTML to sanitize

lcHtmlTagBlacklist
Optional - a pipe (|) delimited list of HTML tags that should be stripped.
Default value: "script|iframe|form|object|embed"

Remarks

This sanitizer provides basic functionality that strips script/iframe/form/object/embed tags, javascript: directives and any onXXX events on HTML elements.


See also:

Class wwUtils

© West Wind Technologies, 1996-2018 • Updated: 09/02/18
Comment or report problem with topic