diff --git a/README.md b/README.md index ed69daffe..f12c06e6a 100644 --- a/README.md +++ b/README.md @@ -65,22 +65,24 @@ However, this is also highly dangerous when dealing with untrusted content. The ```js const dom = new JSDOM(`
- + + `); // The script will not be executed, by default: -dom.window.document.body.children.length === 1; +console.log(dom.window.document.getElementById("content").children.length); // 0 ``` To enable executing scripts inside the page, you can use the `runScripts: "dangerously"` option: ```js const dom = new JSDOM(` - + + `, { runScripts: "dangerously" }); // The script will be executed and modify the DOM: -dom.window.document.body.children.length === 2; +console.log(dom.window.document.getElementById("content").children.length); // 1 ``` Again we emphasize to only use this when feeding jsdom code you know is safe. If you use it on arbitrary user-supplied code, or code from the Internet, you are effectively running untrusted Node.js code, and your machine could be compromised. @@ -92,15 +94,22 @@ Event handler attributes, like `