| [ Index ] |
PHP Cross Reference of WordPress Trunk (Updated Daily) |
[Summary view] [Print] [Text view]
1 /** 2 * @output wp-includes/js/wp-sanitize.js 3 */ 4 5 /* eslint-env es6 */ 6 7 ( function () { 8 9 window.wp = window.wp || {}; 10 11 /** 12 * wp.sanitize 13 * 14 * Helper functions to sanitize strings. 15 */ 16 wp.sanitize = { 17 18 /** 19 * Strip HTML tags. 20 * 21 * @param {string} text - Text to strip the HTML tags from. 22 * 23 * @return {string} Stripped text. 24 */ 25 stripTags: function( text ) { 26 const domParser = new DOMParser(); 27 const htmlDocument = domParser.parseFromString( 28 text, 29 'text/html' 30 ); 31 32 /* 33 * The following self-assignment appears to be a no-op, but it isn't. 34 * It enforces the escaping. Reading the `innerText` property decodes 35 * character references, returning a raw string. When written, however, 36 * the text is re-escaped to ensure that the rendered text replicates 37 * what it's given. 38 * 39 * See <https://github.com/WordPress/wordpress-develop/pull/10536#discussion_r2550615378>. 40 */ 41 htmlDocument.body.innerText = htmlDocument.body.innerText; 42 43 // Return the text with stripped tags. 44 return htmlDocument.body.innerHTML; 45 }, 46 47 /** 48 * Strip HTML tags and convert HTML entities. 49 * 50 * @param {string} text - Text to strip tags and convert HTML entities. 51 * 52 * @return {string} Sanitized text. 53 */ 54 stripTagsAndEncodeText: function( text ) { 55 let _text = wp.sanitize.stripTags( text ), 56 textarea = document.createElement( 'textarea' ); 57 58 try { 59 textarea.textContent = _text; 60 _text = wp.sanitize.stripTags( textarea.value ); 61 } catch ( er ) {} 62 63 return _text; 64 } 65 }; 66 }() );
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
| Generated : Thu Apr 23 08:20:11 2026 | Cross-referenced by PHPXref |