更新时间:2022-04-11 06:05:19
如果你想要清理完html(即根本没有脚本执行),你就不需要所有的Caja,只需要html-sanitizer。
If you want to have just sanitized html (ie. no script execution at all), you don't need all of Caja, just the html-sanitizer.
使用:
<script src="http://caja.appspot.com/html-css-sanitizer-minified.js"></script>
<script>
var sanitized = html_sanitize(untrustedCode,
/* optional */ function(url) { return url /* rewrite urls if needed */ },
/* optional */ function(id) { return id; /* rewrite ids, names and classes if needed */ })
</script>
如果您不想允许已清理的CSS样式,请使用http://caja.appspot.com/html-sanitizer-minified.js 。
If you don't want to allow sanitized css styles, use http://caja.appspot.com/html-sanitizer-minified.js instead.