Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sanitize JavaScript #527

Closed
gkoberger opened this issue Dec 11, 2014 · 2 comments
Closed

Sanitize JavaScript #527

gkoberger opened this issue Dec 11, 2014 · 2 comments

Comments

@gkoberger
Copy link

This is more to see if anyone has a solution than to suggest a feature, simply because there's a ton of open Issues and I doubt this will get seen anytime soon.

It'd be great to have a sanitizeJS option. For example, I want people to be able to write HTML (such as <i class="fa fa-warning"></i>), but not add JavaScript (like <i class="fa fa-warning" onmouseover="alert('Now i have your cookies!');"></i>). Any thoughts on how to clean up JS without having to completely disable HTML?
@mkopala
Copy link

mkopala commented Feb 8, 2015

I've been using JsHtmlSanitizer - google-caja along with marked with nice success.

@hansonw hansonw mentioned this issue Jan 26, 2018
Open
@joshbruce
Copy link
Member

Closing as having a solution via a separate package and step.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gkoberger @mkopala @joshbruce