Sanitizer

Draft: This page is not complete.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The Sanitizer interface of the HTML Sanitizer API allows developers to take untrusted strings of HTML and sanitize them for safe insertion into a document's DOM.
Constructors

Sanitizer.Sanitizer()
- Creates and returns a Sanitizer object.
Methods

Sanitizer.sanitizeToString()
- Returns a sanitized String from an input, removing any disallowed elements or attributes.

Sanitizer.sanitize()
- Returns a sanitized DocumentFragment from an input, removing any disallowed elements or attributes.
Examples

This example shows the result of sanitizing a string using the Sanitizer.sanitizeToString() method. Disallowed script and blink elements are removed from the input: the blink element is dropped but its text content is kept, while the script element is dropped together with its content.

```js
// our input string to clean
const stringToClean = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';

const result = new Sanitizer().sanitizeToString(stringToClean);
console.log(result);
// Logs: "Some text <b><i>with</i></b> tags, including a rogue script  def."
// (two spaces remain where the script element, including its content, was removed)
```
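As an added example (not code from this page, the specification, or any browser), the following wrapper shows how a page would use the two methods above defensively: it prefers sanitize(), inserts the returned DocumentFragment directly with replaceChildren(), and, when no Sanitizer is available, renders the input as plain text instead of as markup. The names renderUntrusted and getSanitizer are this example's own, and the sanitizer and target are passed in as parameters so the logic can be exercised with stand-in objects outside a browser.

```javascript
// Added example, not part of the MDN page. `target` is an Element (or a
// stand-in with the same members) and `sanitizer` is a Sanitizer instance
// or null. Returns the strategy used so callers and tests can check it.
function renderUntrusted(target, untrustedHtml, sanitizer) {
  if (sanitizer && typeof sanitizer.sanitize === 'function') {
    // Preferred path: the sanitized tree is inserted as a DocumentFragment,
    // so the markup the sanitizer checked is exactly what lands in the DOM.
    // This page's draft describes sanitize() as taking "an input"; passing a
    // string is an assumption of this example and later drafts changed it.
    const fragment = sanitizer.sanitize(untrustedHtml);
    target.replaceChildren(fragment);
    return 'fragment';
  }
  if (sanitizer && typeof sanitizer.sanitizeToString === 'function') {
    // Fallback: string result assigned via innerHTML. This re-parses the
    // serialized output, which is why the fragment path is preferred.
    target.innerHTML = sanitizer.sanitizeToString(untrustedHtml);
    return 'string';
  }
  // Fail closed: no sanitizer, so never interpret the input as HTML.
  target.textContent = untrustedHtml;
  return 'text';
}

// Feature detection. In a browser call getSanitizer() with no argument;
// the parameter exists so the check can be run against a stand-in global.
function getSanitizer(globalObject = globalThis) {
  return typeof globalObject.Sanitizer === 'function'
    ? new globalObject.Sanitizer()
    : null;
}

// Typical use in a page (hypothetical element id and variable):
//   renderUntrusted(document.getElementById('comment'), userHtml, getSanitizer());
```

Inserting the fragment avoids serializing the sanitized tree to a string and re-parsing it through innerHTML, a round trip in which the HTML parser can build a tree that differs from the one the sanitizer checked (mutation XSS). The feature check matters because, as the compatibility table below shows, most browsers do not support the API at all, and the fallback must not turn an unsupported browser into an injection sink.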
Specifications

| Specification |
|---|
| HTML Sanitizer API # sanitizer-api |
Browser compatibility

Desktop columns: Chrome through Safari; mobile columns: WebView Android through Samsung Internet.

| | Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on iOS | Samsung Internet |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Sanitizer (interface) | 93 | 93 | 83 | No | 79 | No | No | No | No | No | No | No |
| Sanitizer() constructor | 93 | 93 | 83 | No | 79 | No | No | No | No | No | No | No |
| sanitize | 93 | 93 | 83 | No | 79 | No | No | No | No | No | No | No |
| sanitizeFor | 93 | 93 | 94 | No | 79 | No | No | No | No | No | No | No |
© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Sanitizer