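<!doctype html>
<html lang="en">
  <head>
    <meta charset="utf-8">
    <title>DOMPurify hooks demo</title>
    <script src="../dist/purify.js"></script>
  </head>
  <body>
    <!-- Container that receives the sanitized markup -->
    <div id="sanitized"></div>

    <!-- Sanitize a sample string with a hook installed, then render the result -->
    <script>
      'use strict';

      // Assuming DOMPurify is globally available
      // import DOMPurify from 'dompurify'; // Uncomment if using ES6 modules

      // Untrusted sample input. It is only ever passed to DOMPurify.sanitize()
      // below and is never written to the DOM directly.
      const dirty = '<p>HELLO<iframe/\/src=JavScript:alert(1)></ifrAMe><br>goodbye</p>';

      // Hook that converts all text to capitals.
      // Hooks run inside the sanitizer on the nodes being processed, so keep
      // them narrow: this one only rewrites the text of text nodes and never
      // creates elements or attributes.
      // addHook() registers on the shared DOMPurify object, so the hook applies
      // to every later sanitize() call until it is removed.
      DOMPurify.addHook('beforeSanitizeAttributes', node => {
        // Set text node content to uppercase
        if (node.nodeName === '#text') {
          node.textContent = node.textContent.toUpperCase();
        }
      });

      // Clean the HTML string with the hook in place.
      const clean = DOMPurify.sanitize(dirty);

      // Drop the hook again so that unrelated sanitize() calls made later on
      // this page are not silently upper-cased as well.
      DOMPurify.removeHook('beforeSanitizeAttributes');

      // Write the sanitizer's output into the DIV unchanged. Editing the string
      // between sanitize() and innerHTML would undo the guarantee it provides.
      document.getElementById('sanitized').innerHTML = clean;
    </script>
  </body>
</html>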