I want DOMPurify to allow the iframe tag, so I added iframe as an exception (ADD_TAGS). But this strips some of its attributes. I want all of the attributes to be kept.
<!doctype html>
<html>
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/1.0.3/purify.min.js"></script>
</head>
<body>
<!-- Our DIV to receive content -->
<div id="sanitized"></div>
<!-- Now let's sanitize that content -->
<script>
/* jshint globalstrict:true, multistr:true */
/* global DOMPurify */
'use strict';
// Specify dirty HTML
var dirty = '<iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" scrolling="no" src="https://www.youtube.com/embed/vJG698U2Mvo" width="560"></iframe>';
var config = { ADD_TAGS: ['iframe'], KEEP_CONTENT: false }
// Clean HTML string and write into our DIV
var clean = DOMPurify.sanitize(dirty, config);
console.log('clean: ', clean)
document.getElementById('sanitized').innerHTML = clean;
</script>
</body>
</html>
This is the sanitized output:
"clean: <iframe width='560' src='https://www.youtube.com/embed/vJG698U2Mvo' height='315'></iframe>"
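If you only want to allow the iframe tag, use ALLOWED_TAGS instead of ADD_TAGS, which allows the tags allowed by default plus the iframe tag, which is not allowed by default.
Allow all default tags and the iframe tag: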
DOMPurify.sanitize(dirty, { ADD_TAGS: ["iframe"], ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling'] });
Allow only the iframe tag:
DOMPurify.sanitize(dirty, { ALLOWED_TAGS: ["iframe"], ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling'] });
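Both configurations above let through an iframe with any src. The following is an added example, not part of the original question or answer, that pairs them with a DOMPurify hook restricting iframes to trusted embed URLs; the host list and the function names are assumptions chosen for illustration.

```javascript
// Added example: restrict sanitized iframes to trusted embed origins.
// TRUSTED_IFRAME_HOSTS and both function names are assumptions for illustration.
const TRUSTED_IFRAME_HOSTS = ['www.youtube.com', 'www.youtube-nocookie.com'];

// True only for absolute https URLs on a trusted host under /embed/.
function isTrustedIframeSrc(src) {
  let url;
  try {
    url = new URL(src); // throws on relative, protocol-relative or malformed input
  } catch (e) {
    return false;
  }
  return url.protocol === 'https:' &&
    url.username === '' && url.password === '' &&
    TRUSTED_IFRAME_HOSTS.includes(url.hostname) &&
    url.pathname.startsWith('/embed/'); // pathname is normalized: "/embed/../x" -> "/x"
}

// Hook body: detach any iframe whose src fails the check. Returns true if removed.
function dropUntrustedIframe(node) {
  if ((node.nodeName || '').toLowerCase() !== 'iframe') return false;
  if (isTrustedIframeSrc(node.getAttribute('src') || '')) return false;
  if (node.parentNode) node.parentNode.removeChild(node);
  return true;
}

// In the browser, register the hook before calling DOMPurify.sanitize().
if (typeof DOMPurify !== 'undefined') {
  DOMPurify.addHook('uponSanitizeElement', function (node) {
    dropUntrustedIframe(node);
  });
}
```

With the hook registered, the sanitize calls shown above keep the YouTube embed from the question and drop iframes that point anywhere else.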