The Sanitizer interface of the HTML Sanitizer API provides methods to sanitize untrusted strings of HTML.
After sanitization, unwanted elements or attributes are removed, and the returned objects can safely be inserted into a document’s DOM.
A Sanitizer object is also used by the Element.setHTML() method to parse and sanitize a string of HTML, and immediately insert it into an element.
The default configuration strips out XSS-relevant input, including <script> tags, custom elements, and comments.
This configuration may be customized using constructor options.
Creates and returns a Sanitizer object, optionally with custom sanitization behavior.
For examples see the HTML Sanitizer API and the individual methods.
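The following is an added example, not code from the original page: a wrapper that inserts untrusted markup through Element.setHTML() with a Sanitizer when both are available, and otherwise writes the input as inert text instead of falling back to innerHTML. The function name `insertUntrustedHTML`, its return labels, and the fail-closed fallback are assumptions of this example.

```javascript
// Added example. insertUntrustedHTML and its return labels are hypothetical
// names; only Sanitizer() and Element.setHTML() come from the API itself.

function insertUntrustedHTML(element, untrustedHTML, sanitizerConfig) {
  // Feature-detect both halves: the Sanitizer constructor and setHTML().
  const hasSanitizer = typeof globalThis.Sanitizer === "function";
  const hasSetHTML = typeof element.setHTML === "function";

  if (hasSanitizer && hasSetHTML) {
    try {
      // With no config, the default configuration applies (it strips
      // <script> tags, custom elements, and comments).
      const sanitizer = sanitizerConfig === undefined
        ? new globalThis.Sanitizer()
        : new globalThis.Sanitizer(sanitizerConfig);

      // Parse, sanitize, and insert in one step.
      element.setHTML(untrustedHTML, { sanitizer });
      return "sanitized";
    } catch (err) {
      // Assumption of this example: any failure (for instance a config the
      // browser rejects) is treated as "no sanitizer" and handled below.
    }
  }

  // Fail closed: the markup is shown as literal text and is never parsed
  // as HTML. Assigning to innerHTML here would reintroduce the XSS risk.
  element.textContent = untrustedHTML;
  return "text-fallback";
}
```

The return value lets calling code log or count how often the text fallback is used, which indicates how many clients lack the API.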