The sanitize() method of the Sanitizer interface sanitizes a tree of DOM nodes, removing any elements or attributes that the sanitizer's configuration does not allow. It should be used when the data to be sanitized is already available as DOM nodes, for example when sanitizing a Document instance in a frame. If the data is still a string, parse it first (or use a string-based entry point); sanitize() itself takes a Document or DocumentFragment and returns a new DocumentFragment holding sanitized copies, leaving the input nodes untouched, so the caller must use the return value.

The default Sanitizer() configuration strips out XSS-relevant input, including <script> tags, custom elements, and comments. The sanitizer configuration may be customized using the Sanitizer() constructor options.
To sanitize data from an iframe with id userFrame (the frame must be same-origin, otherwise reading contentWindow.document throws a SecurityError):

```js
const sanitizer = new Sanitizer(); // Default sanitizer

// Get the frame and its Document object
const frame_element = document.getElementById("userFrame");
const unsanitized_frame_tree = frame_element.contentWindow.document;

// Sanitize the document tree. The result is a DocumentFragment containing
// sanitized copies of the body's children; the original document is not modified.
const sanitized_frame_tree = sanitizer.sanitize(unsanitized_frame_tree);

// Update the frame by replacing its document body content with the sanitized
// fragment. (Replacing the children of the <iframe> element itself would only
// change its fallback content in the parent document, not the framed page.)
unsanitized_frame_tree.body.replaceChildren(sanitized_frame_tree);
```
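To make concrete what "sanitizing a tree of nodes" means, here is an added example that is not code from the page and not the browser's implementation: a small allowlist sanitizer over a toy node tree that models sanitize() taking a document or fragment and returning a fragment. The default rule set is an assumption limited to what the page states (script elements, custom elements and comments are removed) plus the two checks any practitioner expects, inline event-handler attributes and javascript: URLs; the real default configuration is far larger. The node constructors, the untrusted document and the serializer are all constructed for this example.

```javascript
// Added example (not the page's code, not the browser's implementation):
// a minimal allowlist sanitizer over a toy node tree modelling what
// Sanitizer.sanitize() does to DOM nodes. The rule set is an assumption
// limited to what the page states (script, custom elements and comments are
// removed by default) plus event-handler attributes and javascript: URLs.

// Toy DOM nodes: element / text / comment (constructed for this example).
function el(tag, attrs = {}, ...children) {
  return { type: "element", tag: tag.toLowerCase(), attrs, children };
}
function text(data) { return { type: "text", data }; }
function comment(data) { return { type: "comment", data }; }

// Assumed default configuration (the real default list is much larger).
const DEFAULT_CONFIG = {
  dropElements: new Set(["script"]),           // removed together with their children
  dropAttribute: (name) => /^on/i.test(name),  // inline event handlers
  urlAttributes: new Set(["href", "src", "action", "formaction"]),
};

// Custom elements are identified by the hyphen in their tag name.
const isCustomElement = (tag) => tag.includes("-");

// Reject script-bearing URL schemes. Whitespace and control characters are
// stripped first because URL parsers ignore them inside the scheme ("java\nscript:").
function safeUrl(value) {
  const url = value.replace(/[\s\u0000-\u001f]/g, "").toLowerCase();
  return !url.startsWith("javascript:") && !url.startsWith("vbscript:");
}

// Returns the sanitized replacement for one node as a list (zero or one nodes).
function sanitizeNode(node, config) {
  switch (node.type) {
    case "text":
      return [text(node.data)];
    case "comment":
      return [];                                   // comments are dropped
    case "element": {
      if (config.dropElements.has(node.tag) || isCustomElement(node.tag)) return [];
      const attrs = {};
      for (const [name, value] of Object.entries(node.attrs)) {
        if (config.dropAttribute(name)) continue;
        if (config.urlAttributes.has(name.toLowerCase()) && !safeUrl(value)) continue;
        attrs[name] = value;
      }
      const children = node.children.flatMap((c) => sanitizeNode(c, config));
      return [el(node.tag, attrs, ...children)];
    }
    default:
      return [];                                   // unknown node kinds never survive
  }
}

// Model of sanitizer.sanitize(input): input is a document-like object ({ body })
// or a fragment (array of nodes); the result is always a new fragment and the
// input is left untouched.
function sanitize(input, config = DEFAULT_CONFIG) {
  const nodes = Array.isArray(input) ? input : input.body.children;
  return nodes.flatMap((n) => sanitizeNode(n, config));
}

// Serializer with escaping, so a result can be inspected as markup.
const VOID = new Set(["img", "br", "hr", "input", "meta", "link"]);
const escText = (s) => s.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
const escAttr = (s) => escText(s).replace(/"/g, "&quot;");
function serialize(nodes) {
  return nodes.map((n) => {
    if (n.type === "text") return escText(n.data);
    if (n.type === "comment") return "";
    const attrs = Object.entries(n.attrs).map(([k, v]) => ` ${k}="${escAttr(v)}"`).join("");
    return VOID.has(n.tag)
      ? `<${n.tag}${attrs}>`
      : `<${n.tag}${attrs}>${serialize(n.children)}</${n.tag}>`;
  }).join("");
}

// Constructed untrusted document, standing in for frame.contentWindow.document.
const untrustedDocument = {
  body: el("body", {},
    el("p", { onclick: "steal()" }, text("Hello "), el("b", {}, text("world"))),
    comment(" injected "),
    el("script", {}, text("alert(1)")),
    el("x-widget", {}, text("custom element")),
    el("a", { href: "java\nscript:alert(1)" }, text("click")),
    el("a", { href: "https://example.com/?a=1&b=2" }, text("ok")),
    el("img", { src: "/pic.png", onerror: "alert(1)" }),
  ),
};

function sanitizedMarkup(config = DEFAULT_CONFIG) {
  return serialize(sanitize(untrustedDocument, config));
}

console.log(sanitizedMarkup());
```

The point the model makes is that the sanitizer works on the parsed tree, never on a string: the script element, the comment and the custom element disappear with their contents, the onclick and onerror attributes are dropped, the href whose scheme only reads "javascript:" after the embedded newline is removed while the https: link survives with its query string intact, and the caller gets back a fresh fragment rather than a mutated input. Passing a custom config (for example adding "b" to dropElements) changes the result the same way the Sanitizer() constructor options do.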
Specifications: HTML Sanitizer API