Cleans HTML to prevent XSS attacks.
This function will examine an HTML document to ensure only tags that are deemed safe are preserved, and will also close tags that are left open.
This is to protect against cross-site scripting (XSS) attacks by sanitizing the inputted HTML code.
HTMLSanitize(Text)
Where:
Text: The string of HTML text to sanitize.
| Rule | Meaning |
|---|---|
| HtmlSanitize("<p>Hello World") | Returns: <p>Hello World</p>
The function will close the <p> tag that has been left open. |
| HtmlSanitize("<div><button onclick=""myFunction()"">Click me</button>Button") | Returns: <div>Button</div>
The function removes the potentially dangerous attribute, onClick, and closes the <div> tag. |