Google Caja - blocking malicious code

Updated: 2022-04-11 06:05:19

If you want to have just sanitized HTML (i.e. no script execution at all), you don't need all of Caja, just the html-sanitizer.

Usage:

<script src="http://caja.appspot.com/html-css-sanitizer-minified.js"></script>
<script>
  // untrustedCode is the untrusted HTML string to clean
  var sanitized = html_sanitize(untrustedCode,
    /* optional */ function(url) { return url; /* rewrite urls if needed */ },
    /* optional */ function(id) { return id; /* rewrite ids, names and classes if needed */ });
</script>

If you don't want to allow sanitized CSS styles, use http://caja.appspot.com/html-sanitizer-minified.js instead.
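
An allowlist version of the two optional callbacks shown in the usage snippet, as an added example that is not part of the original answer or of Caja itself. The scheme allowlist, the `ugc-` prefix and the function names are assumptions, as is the convention that returning null makes the sanitizer drop the attribute.

```javascript
// Added example: allowlist callbacks for html_sanitize's two optional arguments.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']); // assumed policy
const PREFIX = 'ugc-'; // hypothetical namespace for untrusted ids and classes

// URL callback: return the URL to keep it, or null to reject it (assumed convention).
function urlPolicy(url) {
  // The argument may be a string or a URI object, so normalise to a string.
  const raw = String(url);
  // Mirror browser URL parsing: trim leading/trailing control characters and
  // spaces, and drop tab/newline anywhere, so the scheme is read the way the
  // browser would read it.
  const cleaned = raw
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '');
  const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (!scheme) {
    // Relative reference: keep it, unless it is protocol-relative
    // (two leading slashes or backslashes) and so points at another host.
    return /^[\/\\]{2}/.test(cleaned) ? null : cleaned;
  }
  return ALLOWED_SCHEMES.has(scheme[0].toLowerCase()) ? cleaned : null;
}

// id/name/class callback: the value may hold several space-separated tokens.
// Keep only plain identifier tokens and prefix each one so untrusted markup
// cannot reuse ids or classes that the host page's scripts and styles rely on.
function idPolicy(value) {
  const tokens = String(value)
    .split(/\s+/)
    .filter((t) => /^[A-Za-z][\w-]*$/.test(t))
    .map((t) => PREFIX + t);
  return tokens.length ? tokens.join(' ') : null;
}

// Wrapper around the html_sanitize global provided by the Caja script.
function sanitizeUntrusted(html) {
  if (typeof html_sanitize !== 'function') {
    throw new Error('Caja sanitizer script is not loaded');
  }
  return html_sanitize(html, urlPolicy, idPolicy);
}
```
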