| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 /** 2 * @output wp-includes/js/wp-sanitize.js 3 */ 4 5 /* eslint-env es6 */ 6 7 ( function () { 8 9 window.wp = window.wp || {}; 10 11 /** 12 * wp.sanitize 13 * 14 * Helper functions to sanitize strings. 15 */ 16 wp.sanitize = { 17 18 /** 19 * Strip HTML tags. 20 * 21 * @param {string} text - Text to strip the HTML tags from. 22 * 23 * @return {string} Stripped text. 24 */ 25 stripTags: function( text ) { 26 if ( 'string' !== typeof text ) { 27 return ''; 28 } 29 30 const domParser = new DOMParser(); 31 const htmlDocument = domParser.parseFromString( 32 text, 33 'text/html' 34 ); 35 36 /* 37 * The following self-assignment appears to be a no-op, but it isn't. 38 * It enforces the escaping. Reading the `innerText` property decodes 39 * character references, returning a raw string. When written, however, 40 * the text is re-escaped to ensure that the rendered text replicates 41 * what it's given. 42 * 43 * See <https://github.com/WordPress/wordpress-develop/pull/10536#discussion_r2550615378>. 44 */ 45 htmlDocument.body.innerText = htmlDocument.body.innerText; 46 47 // Return the text with stripped tags. 48 return htmlDocument.body.innerHTML; 49 }, 50 51 /** 52 * Strip HTML tags and convert HTML entities. 53 * 54 * @param {string} text - Text to strip tags and convert HTML entities. 55 * 56 * @return {string} Sanitized text. 57 */ 58 stripTagsAndEncodeText: function( text ) { 59 let _text = wp.sanitize.stripTags( text ), 60 textarea = document.createElement( 'textarea' ); 61 62 try { 63 textarea.textContent = _text; 64 _text = wp.sanitize.stripTags( textarea.value ); 65 } catch ( er ) {} 66 67 return _text; 68 } 69 }; 70 }() );
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Wed Jun 24 08:20:11 2026 | Cross-referenced by PHPXref |