Various utility functions for sanitizing subtitles or other HTML.
- Version: 1.0.1
- License: MIT
- Source: sanitize.js, line 1
Methods
static export htmlspecialchars(string, [quoteStyle], [charset], [doubleEncode]) → string
This is the JS equivalent of the PHP htmlspecialchars function. It is used to sanitize HTML formatted subtitles as a security measure.
| Name | Type | Attributes | Default | Description |
|---|---|---|---|---|
| string | string | | | The string being converted. |
| quoteStyle | number | optional | | Determines how quotes are handled. For more information, consult the inline doc. |
| charset | string | optional | | Not supported and therefore ignored. |
| doubleEncode | boolean | optional | true | When doubleEncode is turned off the method will not encode existing html entities, the default is to convert everything. |

- See:
  - http://php.net/manual/en/function.htmlspecialchars.php
  - http://phpjs.org/functions/htmlspecialchars/
- Returns: The encoded string.
- Type: string
- Source: sanitize.js, line 27
static export stripTags(input, [allowed]) → string
This is the JS equivalent of the PHP strip_tags function. It is used to sanitize HTML formatted subtitles by removing all tags (except the allowed ones).
| Name | Type | Attributes | Description |
|---|---|---|---|
| input | string | | The string being converted. |
| allowed | string | optional | List of allowed tags in this format: " |

- See:
  - http://locutus.io/php/strings/strip_tags/
- Returns: The stripped output string.
- Type: string
- Source: sanitize.js, line 85
static export sanitizeHTML(input) → string
Sanitizes an HTML string by removing unsafe elements and attributes.
The function strips any tags and attributes that are not explicitly allowed.
It also ensures that dangerous URLs (e.g. javascript:, data:) are removed.
This implementation now includes specific handling for
| Name | Type | Description |
|---|---|---|
| input | string | The HTML string to sanitize. |

- Returns: Sanitized HTML string.
- Type: string
- Source: sanitize.js, line 107
private, static transformCTags(inputStr) → string
Transforms <c.class> tags into <span class="class"> before parsing.
Removes <c> tags without valid class names.
Only allows alphanumeric characters, hyphens, and underscores in class names.
| Name | Type | Description |
|---|---|---|
| inputStr | string | Input string possibly containing |

- Returns: Transformed string with valid tags.
- Type: string
- Source: sanitize.js, line 238
private, static decodeMultipleEncodings(inputStr) → string
Recursively decodes URL-encoded sequences (e.g. %20, %3C) until stable.
| Name | Type | Description |
|---|---|---|
| inputStr | string | Possibly encoded input string. |

- Returns: Decoded output string.
- Type: string
- Source: sanitize.js, line 261
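The decode-until-stable step described for decodeMultipleEncodings, combined with the javascript:/data: scheme check mentioned under sanitizeHTML, as an added example that is not the library's own code. The function names, the round cap and the sample strings are assumptions made for illustration.

```javascript
// Added illustration; names, the round cap and sample inputs are assumptions.
const MAX_ROUNDS = 10; // cap so nested encoding cannot force unbounded work
const BLOCKED_SCHEMES = ['javascript:', 'data:']; // the two schemes the page names

// Percent-decode repeatedly until another pass changes nothing.
function decodeUntilStable(input) {
  let current = String(input);
  for (let round = 0; round < MAX_ROUNDS; round++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      // Malformed sequence such as a lone "%": keep what was decoded so far.
      return current;
    }
    if (next === current) return current;
    current = next;
  }
  return current;
}

// Conservative by design: browsers do not percent-decode a scheme, but a later
// layer that decodes again could turn an encoded value into a live scheme.
function isDangerousUrl(raw) {
  const decoded = decodeUntilStable(raw);
  // Still changing after the cap: treat as hostile rather than guess.
  if (decodeUntilStable(decoded) !== decoded) return true;
  const normalized = decoded
    .replace(/[\t\n\r]/g, '')          // URL parsers drop tabs and newlines
    .replace(/^[\u0000-\u0020]+/, '')  // and leading control characters/spaces
    .toLowerCase();
  return BLOCKED_SCHEMES.some((scheme) => normalized.startsWith(scheme));
}

// Constructed sample attribute values.
const SAMPLES = [
  'https://example.com/a%20b.vtt',
  '%256Aavascript:void(0)',
  ' java\tscript:void(0)',
  'DATA:text/html,x',
  '100%',
];

function classifySamples() {
  return SAMPLES.map((value) => ({ value, blocked: isDangerousUrl(value) }));
}

console.log(classifySamples());
```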
private, static decodeHtmlEntities(inputStr) → string
Decodes HTML entities using a temporary <textarea> element.
Converts the entities for e.g. <, &, ' into their character equivalents.
| Name | Type | Description |
|---|---|---|
| inputStr | string | String containing HTML entities. |

- Returns: Decoded output string.
- Type: string
- Source: sanitize.js, line 284
private, static decodeBase64(inputStr) → string
Tries to decode base64-encoded strings. Recognizes and strips data URIs for common image formats. Returns original input if decoding fails.
| Name | Type | Description |
|---|---|---|
| inputStr | string | Base64 or plain input string. |

- Returns: Decoded string or original if decoding fails.
- Type: string
- Source: sanitize.js, line 299