Sanitizer.sanitize()

Draft

This page is not complete.

Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The sanitize() method of the Sanitizer interface returns a sanitized DocumentFragment built from the input, with any disallowed elements or attributes removed.

Syntax

const fragment = sanitizer.sanitize(input);

Parameters

input
A String to be sanitized.

Return value

A DocumentFragment containing the sanitized content.

Exceptions

None.

Examples

This example uses the sanitize() method to remove the disallowed script and blink elements from a string input.

// our input string to clean
const stringToClean = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';

const result = new Sanitizer().sanitize(stringToClean);
// Result: a DocumentFragment containing text nodes and a <b> element with an <i> child element;
// the <blink> and <script> elements have been removed
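Because sanitize() returns a DocumentFragment rather than a string, the result can be inspected before it is placed in the document. The following added example (not MDN's code) walks the fragment's elements and then inserts it with replaceChildren(); elementTags and renderSanitized are names chosen here, and the optional sanitizerFactory parameter is an assumption that allows a stand-in with the same sanitize() shape to be supplied where the native API is absent.

```javascript
// Collect the tag names of every element in a node tree (DocumentFragment or Element).
// Only childNodes / nodeType / nodeName are used, so a constructed tree works outside a browser.
function elementTags(root) {
  const tags = [];
  for (const child of root.childNodes) {
    if (child.nodeType === 1) { // Node.ELEMENT_NODE
      tags.push(child.nodeName.toLowerCase());
      tags.push(...elementTags(child));
    }
  }
  return tags;
}

// Sanitize untrusted markup and insert the resulting fragment into `target`.
// `sanitizerFactory` (assumption) defaults to the native Sanitizer when present.
function renderSanitized(target, untrustedHtml, sanitizerFactory) {
  const factory = sanitizerFactory ||
    (typeof Sanitizer !== 'undefined' ? () => new Sanitizer() : null);
  if (!factory) {
    // No Sanitizer API: never hand untrusted markup to innerHTML; show it as plain text instead.
    target.textContent = untrustedHtml;
    return { sanitized: false, tags: [] };
  }
  const fragment = factory().sanitize(untrustedHtml);
  const tags = elementTags(fragment); // inspect before insertion
  target.replaceChildren(fragment);   // the fragment's children move into target
  return { sanitized: true, tags };
}

// Usage in a page (constructed input, the same markup as the example above).
if (typeof document !== 'undefined') {
  const untrusted = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';
  const out = renderSanitized(document.body, untrusted);
  console.log(out.sanitized, out.tags);
}
```

In a supporting browser, out.tags lists only the elements that survived sanitization, so a page can log or reject results that still contain something unexpected.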

Specifications

Specification: HTML Sanitizer API (the definition of 'sanitizeToString' in that specification)
Status: Working Draft
Comment: Initial definition.

Browser compatibility