Sanitizer.sanitizeToString()

Draft

This page is not complete.

Secure context

This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The sanitizeToString() method of the Sanitizer interface returns a sanitized String from an input, removing any offending elements or attributes.

Syntax

const sanitizedString = sanitizer.sanitizeToString(input);

Parameters

input
A String to be sanitized.

Return value

A String.

Exceptions

None.

Examples

This example uses the sanitizeToString method to remove disallowed script and blink elements from a string input.

// our input string to clean
const stringToClean = 'Some text <b><i>with</i></b> <blink>tags</blink>, including a rogue script <script>alert(1)</script> def.';

const result = new Sanitizer().sanitizeToString(stringToClean);
console.log(result);
// Logs: "Some text <b><i>with</i></b> tags, including a rogue script def."
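Because the method is only exposed in secure contexts and only in some browsers, a caller needs a defined behaviour for when it is missing. The following is an added example, not part of the original page or the specification: it feature-detects the API and falls back to escaping the whole string so that no markup survives. The helper names `escapeHtml` and `sanitizeOrEscape`, and the `scope` parameter, are hypothetical.

```javascript
// Added example: fail-closed wrapper around Sanitizer.sanitizeToString().
// escapeHtml, sanitizeOrEscape and the `scope` parameter are hypothetical names.

// Escape the HTML-significant characters so the string renders as plain text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// `scope` is the global object to probe. It is a parameter so the logic can
// be exercised outside a browser with a constructed stand-in object.
function sanitizeOrEscape(input, scope = globalThis) {
  const available =
    scope.isSecureContext === true &&
    typeof scope.Sanitizer === 'function' &&
    typeof scope.Sanitizer.prototype.sanitizeToString === 'function';

  if (!available) {
    // Insecure context or API not implemented: keep no markup at all.
    return { html: escapeHtml(input), sanitized: false };
  }
  try {
    const html = new scope.Sanitizer().sanitizeToString(input);
    // Only accept a string result; anything else is treated as a failure.
    if (typeof html !== 'string') throw new TypeError('unexpected return type');
    return { html, sanitized: true };
  } catch (err) {
    // The page lists no exceptions, but the API is a draft, so fail closed.
    return { html: escapeHtml(input), sanitized: false };
  }
}

// Constructed sample input, modelled on the string in the example above.
const sample = 'Some text <b>bold</b> and a rogue script <script>alert(1)</script>';
console.log(sanitizeOrEscape(sample));
```

The `sanitized` flag lets the caller decide whether to render the result as HTML or to log that the fallback path was taken.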

Specifications

Specification: HTML Sanitizer API (the definition of 'sanitizeToString' in that specification)
Status: Working Draft
Comment: Initial definition.
