RAUL bundles a lightweight XSS filtering toolkit, js-xss. It is used internally but is also available for use outside RAUL (see the example usage with the Alerts module). It sanitizes untrusted HTML to prevent XSS according to a configuration specified by a whitelist. The basic usage examples are below; more information can be found at: https://github.com/leizongmin/js-xss
Example of filtering using the filterXSS function (available in the global scope):
// The closing tag is split in two so that this snippet cannot terminate an enclosing <script> block when it is embedded in a page
var html = filterXSS('<script>alert("xss");</scr' + 'ipt>');
// script is not in the default whitelist, so the tag is escaped rather than executed: &lt;script&gt;alert("xss");&lt;/script&gt;
alert(html);
The following example passes a whitelist to the filterXSS function. The whitelist determines the allowed tags and, for each tag, its allowed attributes.
var text = '<div class="d-none"><span class="icon"><span> Msg<script>alert("hi")</script></div>';
var filtered = window.filterXSS(text, {
  whiteList: {
    div: ['class'],   // only <div class="..."> survives; other div attributes are dropped
    span: ['class'],  // likewise for <span>
  },
});
// The script tag is not whitelisted, so it is escaped:
// <div class="d-none"><span class="icon"><span> Msg&lt;script&gt;alert("hi")&lt;/script&gt;</div>
console.log(filtered);
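To make the whitelist behaviour concrete, here is a small self-contained sanitizer added for illustration; it is not js-xss's own code (the library uses a proper HTML tokenizer, so use it rather than this in production). It keeps only whitelisted tags and, on those tags, only whitelisted attributes, and escapes every other tag instead of deleting it, which is also what js-xss does by default. The function names and the regex tokenizer are assumptions made for this example.

```javascript
// Added illustration of whitelist-based sanitizing in the spirit of js-xss.
// Not the library's code: a regex tokenizer like this is for teaching only.
const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g;
const ATTR_RE = /([a-zA-Z][\w-]*)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Neutralise angle brackets so text can never be parsed as markup
function escapeAngle(s) {
  return s.replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Rebuild an attribute list keeping only the names the whitelist allows
function buildAttrs(raw, allowed) {
  const out = [];
  for (const m of raw.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    if (!allowed.includes(name)) continue;        // drops e.g. onclick, style
    const value = m[2] ?? m[3] ?? m[4] ?? '';
    // a value must not be able to close the quote and start a new attribute
    out.push(`${name}="${value.replace(/"/g, '&quot;')}"`);
  }
  return out.length ? ' ' + out.join(' ') : '';
}

// whiteList has the same shape as js-xss's option: { tag: [attr, ...] }
function sanitizeWithWhitelist(html, whiteList) {
  let result = '';
  let last = 0;
  for (const m of html.matchAll(TAG_RE)) {
    result += escapeAngle(html.slice(last, m.index)); // text between tags
    const tag = m[1].toLowerCase();
    const allowed = whiteList[tag];
    if (!allowed) {
      result += escapeAngle(m[0]);                    // tag not whitelisted: escaped
    } else if (m[0].startsWith('</')) {
      result += `</${tag}>`;
    } else {
      result += `<${tag}${buildAttrs(m[2], allowed)}>`;
    }
    last = m.index + m[0].length;
  }
  return result + escapeAngle(html.slice(last));
}

// The page's own sample input, run through the same whitelist it uses
const sample = '<div class="d-none"><span class="icon"><span> Msg<script>alert("hi")</script></div>';
const cleaned = sanitizeWithWhitelist(sample, { div: ['class'], span: ['class'] });
console.log(cleaned);
```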