### Query Sanitizer Configuration with get() Source: https://github.com/wicg/sanitizer-api/blob/main/explainer.md Use `get()` to inspect the effective configuration of a Sanitizer instance, showing allowed elements and attributes in their canonical form. Note that elements disallowed in safe contexts, like 'script', may be omitted. ```js const a_simple_config = new Sanitizer({ elements: [ "div", "p", "span", "script" ] }); a_simple_config.get(); ``` ```json { elements: [ { "name": "div", "namespace": "http://www.w3.org/1999/xhtml" }, { "name": "p", "namespace": "http://www.w3.org/1999/xhtml" }, { "name": "span", "namespace": "http://www.w3.org/1999/xhtml" } ], attributes: [ { "name": "href", "namespace": "" }, { "name": "class, "namespace": "" }, { "name": "id", "namespace": "" }, // ... many more ] } ``` -------------------------------- ### Mixing Allow and Replace-with-Children Lists Source: https://github.com/wicg/sanitizer-api/blob/main/explainer.md Combining allow-lists and replace-with-children-lists in a configuration is permissible. This example shows retaining simple styling elements while replacing others with their children. ```javascript // Mixing allow and replace with children lists works. const config_that_retains_simple_styling_but_most_text = new Sanitizer({ elements: ["p", "b", "i"], replaceWithChildrenElements: ["div", "span", "em", "u", "s", "li"], }); const styled_text = "
Some colourful styled text"; //
Some colourful styled text
bla"; element_xml.getRootNode().contentType; // application/xhtml+xml element_xml.innerHTML = example_not_xml; // Throws. element_xml.setHTML(example_not_xml); //// Note case and closing elements. element.setHTML(example_not_xml); // Same as above. ``` -------------------------------- ### DOMPurify Hooks Source: https://github.com/wicg/sanitizer-api/blob/main/comparison.md DOMPurify provides a hook system for intercepting and modifying the sanitization process at various stages, offering fine-grained control. ```javascript beforeSanitizeElements uponSanitizeElement afterSanitizeElements beforeSanitizeAttributes uponSanitizeAttribute afterSanitizeAttributes beforeSanitizeShadowDOM uponSanitizeShadowNode afterSanitizeShadowDOM ``` -------------------------------- ### Allowing HTML Comments Source: https://github.com/wicg/sanitizer-api/blob/main/explainer.md Enable the handling of HTML comment nodes by setting the 'comments' option to true. This allows comments to be preserved in the sanitized output. ```javascript const config_comments: new Sanitizer({ comments: true }); element.setHTML("XXXXXX", {sanitizer: config_comments}); //blaXXXXXX``` -------------------------------- ### Add Contributor to Pull Request Source: https://github.com/wicg/sanitizer-api/blob/main/CONTRIBUTING.md Use this syntax to add a GitHub username as a contributor to a pull request, with one username per line. ```markdown +@github_username ``` -------------------------------- ### DOMPurify Return Value Types Source: https://github.com/wicg/sanitizer-api/blob/main/comparison.md DOMPurify supports various return types for sanitized content, influencing allowed tags. Use these constants to specify the desired output format. ```javascript RETURN_DOM RETURN_DOM_FRAGMENT RETURN_DOM_IMPORT RETURN_TRUSTED_TYPE ``` -------------------------------- ### DOMPurify Content Filtering Options Source: https://github.com/wicg/sanitizer-api/blob/main/comparison.md Configure DOMPurify to control which HTML tags, attributes, and protocols are allowed or forbidden. These options help define the sanitization scope. ```javascript ALLOWED_TAGS ALLOWED_ATTR FORBID_TAGS FORBID_ATTR ADD_TAGS ADD_ATTR ALLOW_DATA_ATTR ALLOW_UNKNOWN_PROTOCOLS ALLOWED_URI_REGEXP ADD_URI_SAFE_ATTR ALLOW_ARIA_ATTR SAFE_FOR_TEMPLATES SAFE_FOR_JQUERY ``` -------------------------------- ### Replacing Elements While Preserving Children Source: https://github.com/wicg/sanitizer-api/blob/main/explainer.md Utilize 'replaceWithChildrenElements' to remove specified elements but keep their child content. This is useful for stripping formatting while retaining text. ```javascript const config_that_removes_elements_but_preserves_their_children = new Sanitizer({ replaceWithChildrenElements: ["span", "em", "u", "s", "i", "b"] }); element.setHTML( "Fancy text with pizzazz.", { sanitizer: config_that_removes_elements_but_preserves_their_children }); //Fancy text with pizzazz.``` -------------------------------- ### Remove Contributor from Pull Request Source: https://github.com/wicg/sanitizer-api/blob/main/CONTRIBUTING.md Use this syntax to remove a GitHub username from a pull request, typically to correct an accidental addition or to remove yourself if you had no part in designing the feature. ```markdown -@github_username ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.