Sanitizer.sanitize()

Draft

This page is not complete.

Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The sanitize() method of the Sanitizer interface returns a sanitized DocumentFragment from an input, removing any offending elements or attributes.

Syntax

var DocumentFragment = sanitizer.sanitize(input);

Parameters

input
A String to be sanitized.

Return value

A DocumentFragment.

Exceptions

None.

Examples

This example uses the sanitize() method to remove the disallowed script and blink elements from a string input.

// our input string to clean
const stringToClean = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';

const result = new Sanitizer().sanitize(stringToClean);
// Result: A DocumentFragment containing text nodes and a <b> element, with a <i> child element
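
The following is an added example, not part of the original page: one way to consume the returned DocumentFragment, with a fallback for browsers or contexts where Sanitizer is not exposed. The function name renderUntrusted, its return labels, the injectable env parameter and the #comment element are assumptions made for illustration.

```javascript
// Added example, not the page's own code. renderUntrusted and its return
// labels are hypothetical names; `env` is injectable only so the logic can
// be exercised outside a browser.
function renderUntrusted(target, untrustedHtml, env = globalThis) {
  // Sanitizer is exposed only in secure contexts and only in some browsers,
  // so detect the constructor and the method instead of assuming them.
  const supported =
    typeof env.Sanitizer === 'function' &&
    typeof env.Sanitizer.prototype.sanitize === 'function';

  if (!supported) {
    // Fail closed: textContent never parses markup, so the input is shown
    // as literal characters instead of being interpreted as HTML.
    target.textContent = untrustedHtml;
    return 'text-fallback';
  }

  // sanitize() returns a DocumentFragment. Insert its nodes directly;
  // serialising them to a string and assigning innerHTML would re-parse
  // the markup after the sanitizer has finished with it.
  const fragment = new env.Sanitizer().sanitize(untrustedHtml);
  target.replaceChildren(fragment);
  return 'sanitized';
}

// Browser usage with the input string from the example above
// (the #comment element is an assumption).
if (typeof document !== 'undefined') {
  const input = 'Some text <b><i>with</i></b> <blink>tags</blink>, ' +
    'including a rogue script <script>alert(1)</script> def.';
  const target = document.querySelector('#comment');
  if (target) renderUntrusted(target, input);
}
```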

Specifications

Specification: HTML Sanitizer API, # dom-sanitizer-sanitize
