Sanitizer.sanitize()

Draft: This page is not complete.

Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The sanitize() method of the Sanitizer interface returns a sanitized DocumentFragment from an input, removing any offending elements or attributes.

Syntax

const fragment = sanitizer.sanitize(input);

Parameters

input

A String to be sanitized.

Return value

A DocumentFragment.

Exceptions

None.

Examples

This example uses the sanitize() method to remove the disallowed script and blink elements from a string input.

// our input string to clean
const stringToClean = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';

const result = new Sanitizer().sanitize(stringToClean);
// Result: A DocumentFragment containing text nodes and a <b> element, with a <i> child element
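
Because the page is a draft and the feature is limited to secure contexts, calling code should detect the method before relying on it. The following is an added example, not part of the original page: `sanitizeOrEscape`, `render` and the `env` parameter are hypothetical names, and the fallback (treating the input as plain text) is one assumed policy among several possible.

```javascript
// Added example (not from the original page). `sanitizeOrEscape`, `render`
// and `env` are hypothetical; `env` defaults to the browser global object.

// Returns { fragment, sanitized }. If sanitize() cannot be used, the input is
// wrapped in a text node, so markup is displayed literally and never parsed.
function sanitizeOrEscape(input, env = globalThis) {
  const text = String(input);
  const S = env.Sanitizer;
  const available =
    env.isSecureContext === true &&          // secure contexts only
    typeof S === 'function' &&
    typeof S.prototype.sanitize === 'function'; // draft: detect, do not assume

  if (available) {
    try {
      // As documented above: string in, DocumentFragment out.
      return { fragment: new S().sanitize(text), sanitized: true };
    } catch (err) {
      // Unexpected failure in a draft implementation: fall through to text.
    }
  }

  const fragment = env.document.createDocumentFragment();
  fragment.appendChild(env.document.createTextNode(text));
  return { fragment, sanitized: false };
}

// Insert the result as nodes. Serializing the fragment and assigning it to
// innerHTML would parse the markup a second time and defeat the sanitizer.
function render(target, input, env = globalThis) {
  const { fragment, sanitized } = sanitizeOrEscape(input, env);
  target.replaceChildren(fragment);
  return sanitized; // callers can log or alert when the fallback was used
}
```

The boolean returned by `render` lets the application record how often untrusted input was shown as plain text because the API was missing.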

Specifications

HTML Sanitizer API (# dom-sanitizer-sanitize)
