JavaScript: How to allow an iframe tag, including all of its attributes, in "dompurify"


I want DOMPurify to allow the iframe tag, and I added iframe as an exception (ADD_TAGS). But this strips some of its attributes. I want all of the attributes to be there.

<!doctype html>
<html>
    <head>
        <script src="https://cdnjs.cloudflare.com/ajax/libs/dompurify/1.0.3/purify.min.js"></script>
    </head>
    <body>
        <!-- Our DIV to receive content -->
        <div id="sanitized"></div>

        <!-- Now let's sanitize that content -->
        <script>
            /* jshint globalstrict:true, multistr:true */
            /* global DOMPurify */
            'use strict';

            // Specify dirty HTML
            var dirty = '<iframe allow="accelerometer; autoplay; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" scrolling="no" src="https://www.youtube.com/embed/vJG698U2Mvo" width="560"></iframe>';

            var config = { ADD_TAGS: ['iframe'], KEEP_CONTENT: false }

            // Clean HTML string and write into our DIV
            var clean = DOMPurify.sanitize(dirty, config);
            console.log('clean: ', clean)
            document.getElementById('sanitized').innerHTML = clean;
        </script>
    </body>
</html>

This is the sanitized output:

"clean: <iframe width='560' src='https://www.youtube.com/embed/vJG698U2Mvo' height='315'></iframe>"

If I understand the documentation correctly, you also need to register the necessary non-standard attributes that you want to keep:

DOMPurify.sanitize(dirty, { ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling'] });

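If you want to allow only the iframe tag, use ALLOWED_TAGS rather than ADD_TAGS, which allows the default allowed tags plus the iframe tag, which is not allowed by default.

To allow all default tags and the iframe tag: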

DOMPurify.sanitize(dirty, { ADD_TAGS: ["iframe"], ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling'] });

To allow only the iframe tag:

DOMPurify.sanitize(dirty, { ALLOWED_TAGS: ["iframe"], ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling'] });
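
A caveat for either configuration above: once iframe is allowed, DOMPurify keeps any src that passes its URI check, so the sanitized markup can frame any origin. The following added example (not part of the original question or answers) restricts src to an allow-list through a DOMPurify hook; TRUSTED_EMBED_HOSTS, IFRAME_CONFIG, isTrustedEmbedSrc, restrictIframeSrc and sanitizeWithIframes are hypothetical names.

```javascript
// Added example. All names below except the DOMPurify calls are hypothetical.
// Hosts allowed to be framed; www.youtube.com is the one used in the question.
const TRUSTED_EMBED_HOSTS = new Set(['www.youtube.com']);

// Config from the answers: keep iframe plus the attributes the embed needs.
const IFRAME_CONFIG = {
  ADD_TAGS: ['iframe'],
  ADD_ATTR: ['allow', 'allowfullscreen', 'frameborder', 'scrolling']
};

// True only for an absolute https URL on a trusted host under /embed/.
function isTrustedEmbedSrc(src) {
  let url;
  try {
    // No base URL is given, so relative and scheme-relative values throw.
    url = new URL(String(src).trim());
  } catch (e) {
    return false;
  }
  return url.protocol === 'https:' &&
    url.username === '' && url.password === '' &&
    TRUSTED_EMBED_HOSTS.has(url.hostname) &&
    url.pathname.startsWith('/embed/');
}

// Hook body: strip src from any iframe that points outside the allow-list.
function restrictIframeSrc(node) {
  if (!node.nodeName || node.nodeName.toLowerCase() !== 'iframe') return;
  if (!isTrustedEmbedSrc(node.getAttribute('src'))) {
    node.removeAttribute('src');
  }
}

// Browser-side wrapper; assumes DOMPurify is loaded as in the question's page.
function sanitizeWithIframes(dirty) {
  DOMPurify.addHook('afterSanitizeAttributes', restrictIframeSrc);
  try {
    return DOMPurify.sanitize(dirty, IFRAME_CONFIG);
  } finally {
    DOMPurify.removeHook('afterSanitizeAttributes');
  }
}
```

In the question's page, `sanitizeWithIframes(dirty)` would replace the direct `DOMPurify.sanitize(dirty, config)` call; an iframe whose src fails the check is left in place with no src, so it renders blank.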