Sanitizer.sanitize()
Draft: This page is not complete.
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The sanitize() method of the Sanitizer interface returns a sanitized DocumentFragment from an input, removing any offending elements or attributes.
Syntax
```js
var DocumentFragment = sanitizer.sanitize(input);
```
Parameters
input: A String to be sanitized.
Return value
A sanitized DocumentFragment.
Exceptions
None.
Examples
This example uses the sanitize method to remove disallowed script and blink elements from a string input.
```js
// our input string to clean
const stringToClean = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';

const result = new Sanitizer().sanitize(stringToClean);
// Result: A DocumentFragment containing text nodes and a <b> element, with a <i> child element
```
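Because the method is exposed only in secure contexts and most browsers in the compatibility table do not ship it, a caller needs a fail-closed path. The following is an added example, not code from the original page; `renderUntrusted`, its `env` parameter and the `#comment` selector are hypothetical names, and the `sanitize()` call follows the string-input signature documented above.

```javascript
// Added example: render untrusted markup, failing closed when the API is missing.
// renderUntrusted and env are hypothetical names chosen for this sketch.
function renderUntrusted(container, untrustedHtml, env = globalThis) {
  // The API needs a secure context (HTTPS) and a browser that implements it.
  const usable =
    env.isSecureContext === true && typeof env.Sanitizer === 'function';

  if (usable) {
    try {
      // Signature as documented on this page: string in, DocumentFragment out.
      const fragment = new env.Sanitizer().sanitize(untrustedHtml);
      container.replaceChildren(fragment);
      return 'sanitized';
    } catch (err) {
      // Defensive: if an implementation rejects the input, use the
      // text-only path below instead of ever inserting the raw markup.
    }
  }

  // Fallback: textContent does not parse markup, so tags appear as literal text.
  container.textContent = untrustedHtml;
  return 'text';
}

// Browser usage (skipped where there is no DOM); "#comment" is a constructed selector.
if (typeof document !== 'undefined') {
  const target = document.querySelector('#comment');
  if (target) {
    renderUntrusted(target, 'Hi <b>there</b> <script>alert(1)</script>');
  }
}
```

The return value tells the caller which path ran, which is useful for logging how often the text-only fallback is hit.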
Specifications
Specification |
---|
HTML Sanitizer API # dom-sanitizer-sanitize |
Browser compatibility
Platform | Browser | sanitize |
---|---|---|
Desktop | Chrome | 93 |
Desktop | Edge | 93 |
Desktop | Firefox | 83 |
Desktop | Internet Explorer | No |
Desktop | Opera | 79 |
Desktop | Safari | No |
Mobile | WebView Android | No |
Mobile | Chrome Android | No |
Mobile | Firefox for Android | No |
Mobile | Opera Android | No |
Mobile | Safari on iOS | No |
Mobile | Samsung Internet | No |
© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/Sanitizer/sanitize