| Server IP : 84.16.76.247 / Your IP : 216.73.217.114 Web Server : Apache System : Linux h2web300 4.9.0-0.bpo.12-amd64 #1 SMP Debian 4.9.210-1+deb9u1~deb8u1 (2020-06-09) x86_64 User : uid195448 ( 195448) PHP Version : 7.4.33 Disable Function : passthru,exec,system,popen,shell_exec,proc_open,pcntl_exec MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : ON | Pkexec : OFF Directory : /home/clients/9feeab47ed6ca1a1b2890343d7a99fd4/web/wp-includes/js/ |
Upload File : |
/**
* @output wp-includes/js/wp-sanitize.js
*/
/* eslint-env es6 */
( function () {
window.wp = window.wp || {};
/**
* wp.sanitize
*
* Helper functions to sanitize strings.
*/
wp.sanitize = {
/**
* Strip HTML tags.
*
* @param {string} text - Text to strip the HTML tags from.
*
* @return {string} Stripped text.
*/
stripTags: function( text ) {
if ( 'string' !== typeof text ) {
return '';
}
const domParser = new DOMParser();
const htmlDocument = domParser.parseFromString(
text,
'text/html'
);
/*
* The following self-assignment appears to be a no-op, but it isn't.
* It enforces the escaping. Reading the `innerText` property decodes
* character references, returning a raw string. When written, however,
* the text is re-escaped to ensure that the rendered text replicates
* what it's given.
*
* See <https://github.com/WordPress/wordpress-develop/pull/10536#discussion_r2550615378>.
*/
htmlDocument.body.innerText = htmlDocument.body.innerText;
// Return the text with stripped tags.
return htmlDocument.body.innerHTML;
},
/**
* Strip HTML tags and convert HTML entities.
*
* @param {string} text - Text to strip tags and convert HTML entities.
*
* @return {string} Sanitized text.
*/
stripTagsAndEncodeText: function( text ) {
let _text = wp.sanitize.stripTags( text ),
textarea = document.createElement( 'textarea' );
try {
textarea.textContent = _text;
_text = wp.sanitize.stripTags( textarea.value );
} catch ( er ) {}
return _text;
}
};
}() );