WordPress/wp-includes/js/wp-sanitize.js
Adam Silverstein eb3b3fec1d Security: Rename new wp.sanitize.sanitizeText to stripTagsAndEncodeText.
Improve function naming: this function strips tags from a string and also encodes any HTML entities.

Props ocean90.

Fixes #40635.

Built from https://develop.svn.wordpress.org/trunk@41745


git-svn-id: http://core.svn.wordpress.org/trunk@41579 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-10-04 18:58:47 +00:00


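( function () {
	window.wp = window.wp || {};

	/**
	 * wp.sanitize
	 *
	 * Helper functions to sanitize strings.
	 */
	wp.sanitize = {
		/**
		 * Strip HTML tags.
		 *
		 * Removes HTML comments, <script>/<style> elements together with
		 * their content, and any remaining tags. The replacements are repeated
		 * until the text stops changing: a single pass can leave a tag behind
		 * when removing an inner tag joins the characters around it (for
		 * example `<<b>b>` is `<b>` after one pass).
		 *
		 * The result is plain text, not HTML-escaped text: a `<` that does not
		 * start a tag and any `&` are kept as they are, so callers should
		 * insert the result as text (e.g. textContent) rather than as markup.
		 *
		 * @param {string} text Text to have the HTML tags stripped out of.
		 *
		 * @return {string} Stripped text. Empty string for falsy input.
		 */
		stripTags: function( text ) {
			var previous;

			text = text || '';

			// Every replacement only removes characters, so the loop ends
			// once a pass finds nothing left to strip.
			do {
				previous = text;
				text = previous
					.replace( /<!--[\s\S]*?(-->|$)/g, '' )
					.replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' )
					.replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' );
			} while ( text !== previous );

			return text;
		},

		/**
		 * Strip HTML tags and convert HTML entities.
		 *
		 * The tag-stripped text is assigned to a detached <textarea> as
		 * innerHTML and read back through .value, which yields the text with
		 * its entities decoded. Tags are stripped a second time because
		 * decoding can produce new ones (`&lt;b&gt;` becomes `<b>`).
		 *
		 * The return value is plain text and must not be treated as safe HTML.
		 *
		 * @param {string} text Text to strip tags and convert HTML entities.
		 *
		 * @return {string} Sanitized text. If the entity conversion throws,
		 *                  the tag-stripped text is returned without decoding.
		 */
		stripTagsAndEncodeText: function( text ) {
			var _text = wp.sanitize.stripTags( text ),
				textarea = document.createElement( 'textarea' );

			try {
				textarea.innerHTML = _text;
				_text = wp.sanitize.stripTags( textarea.value );
			} catch ( er ) {
				// Best effort: keep the tag-stripped text from the first pass.
			}

			return _text;
		}
	};
}() );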