A rudimentary HTML Sanitizer that removes scriptable content from HTML. You can use this to clean up user captured HTML and rendered Markdown to avoid XSS attacks.
o.wwUtils.SanitizeHtml(lcHtml,lcHtmlTagBlacklist)
Parameters
lcHtml
The HTML to sanitize
lcHtmlTagBlacklist
Optional - a pipe (|) delimited list of HTML tags that should be stripped.
Default value: "script|iframe|form|object|embed"
Remarks
This sanitizer provides basic functionality that strips script/iframe/form/object/embed tags,
javascript:
directives and anyonXXX
events on HTML elements.
See also:
Class wwUtils© West Wind Technologies, 2023 • Updated: 09/02/18
Comment or report problem with topic