Class Sanitizer

Namespace
CSharpToJavaScript.APIs.JS
Assembly
CSharpToJavaScript.dll

The Sanitizer interface of the HTML Sanitizer API defines a configuration object that specifies what elements, attributes and comments are allowed or should be removed when inserting strings of HTML into an Element or ShadowRoot, or when parsing an HTML string into a Document.

[Value("Sanitizer")]
public class Sanitizer
Inheritance
Sanitizer

Remarks

A Sanitizer instance is effectively a wrapper around a SanitizerConfig, and can be passed as a configuration alternative in the same sanitization methods:

Note that a Sanitizer is expected to be more efficient than a plain SanitizerConfig when it is reused, and it can be modified in place when needed.

See also on MDN

Constructors

Sanitizer()

public Sanitizer()

Sanitizer(Union128)

The Sanitizer() constructor creates a new Sanitizer object, which can be used to filter unwanted elements and attributes from HTML or documents before they are inserted/parsed into the DOM.

public Sanitizer(Union128 configuration = default)

Parameters

configuration Union128

Methods

AllowAttribute(Union131)

The allowAttribute() method of the Sanitizer interface sets an attribute to be allowed on all elements when the sanitizer is used.

[Value("allowAttribute")]
public GlobalObject.Undefined AllowAttribute(Union131 attribute)

Parameters

attribute Union131

Returns

GlobalObject.Undefined

true if the operation changed the configuration to allow the attribute, and false if the configuration already allowed the attribute. Note that false might be returned if the internal configuration:

Remarks

The method can be used with either an allow configuration or a remove configuration.
If used with an allow configuration, the specified attribute is added to the attributes array.
If used with a remove configuration, the attribute is removed from the removeAttributes array (if present).

Note that to allow/disallow attributes only on specific elements use 'Sanitizer.AllowElement'.

See also on MDN

AllowElement(Union130)

The allowElement() method of the Sanitizer interface sets that the specified element is allowed in the output when the sanitizer is used.

[Value("allowElement")]
public GlobalObject.Undefined AllowElement(Union130 element)

Parameters

element Union130

Returns

GlobalObject.Undefined

true if the operation changed the configuration to allow the element, and false if the configuration was not changed (usually because the element was already allowed, but potentially because the change could not be made). Note that false might be returned if the internal configuration:

Remarks

It can also be used to specify per-element attribute allow or remove arrays on Sanitizer instances with an allow configuration.

See also on MDN

Get()

The get() method of the Sanitizer interface returns a 'SanitizerConfig' dictionary instance that represents the current Sanitizer configuration.

[Value("get")]
public SanitizerConfig Get()

Returns

SanitizerConfig

A SanitizerConfig.

Remarks

This may be used to create a sanitizer that is slightly modified from the default: first get the default sanitizer configuration, then modify it, and then use it to construct a new sanitizer.

The returned configuration can also be used to inspect the configuration, and can be passed directly to the HTML parsing functions.
Note, however, that it is more efficient to pass a Sanitizer rather than a configuration dictionary, particularly where the Sanitizer is to be used multiple times.

See also on MDN

RemoveAttribute(Union131)

The removeAttribute() method of the Sanitizer interface sets an attribute to be removed from all elements when the sanitizer is used.

[Value("removeAttribute")]
public GlobalObject.Undefined RemoveAttribute(Union131 attribute)

Parameters

attribute Union131

Returns

GlobalObject.Undefined

true if the operation changed the configuration to disallow the attribute, and false if the attribute was already disallowed. Note that false might be returned if the internal configuration:

Remarks

The method can be used with either an allow configuration or a remove configuration.
If used with a remove configuration, the specified attribute is added to the removeAttributes array.
If used with an allow configuration, the attribute is removed from the attributes array (if present).

Note that to allow/disallow attributes only on specific elements use 'Sanitizer.AllowElement'.

See also on MDN

RemoveElement(Union129)

The removeElement() method of the Sanitizer interface sets the specified element to be removed from the output when the sanitizer is used.

[Value("removeElement")]
public GlobalObject.Undefined RemoveElement(Union129 element)

Parameters

element Union129

Returns

GlobalObject.Undefined

true if the operation changed the configuration to disallow the element, and false if the element was already disallowed. Note that false might be returned if the internal configuration:

Remarks

The method can be used with either an allow configuration or a remove configuration.
If used with a remove configuration, the specified element is added to the removeElements array.
If used with an allow configuration, the element is removed from the elements array (if present).

See also on MDN

RemoveUnsafe()

The removeUnsafe() method of the Sanitizer interface configures the sanitizer configuration so that it will remove all elements, attributes, and event handler content attributes that are considered XSS-unsafe by the browser.

[Value("removeUnsafe")]
public GlobalObject.Undefined RemoveUnsafe()

Returns

GlobalObject.Undefined

true if the operation removed any elements, attributes, or event handler content attributes that are considered XSS-unsafe, and false if no elements or attributes were removed.

Remarks

The method can be called to make any custom configuration XSS-safe.
Note that if you're using the sanitizer with one of the "safe" HTML setters, such as Element.SetHTML and ShadowRoot.SetHTML, you do not need to call this method to make the sanitizer safe.
When used in these setters the method is called implicitly, without modifying the Sanitizer instance that is passed.

See also on MDN

ReplaceElementWithChildren(Union129)

The replaceElementWithChildren() method of the Sanitizer interface sets an element to be replaced by its child HTML elements when the sanitizer is used.
This is primarily used for stripping styles from text.

[Value("replaceElementWithChildren")]
public GlobalObject.Undefined ReplaceElementWithChildren(Union129 element)

Parameters

element Union129

Returns

GlobalObject.Undefined

true if the operation changed the configuration to set the element to be replaced by its children, and false if the sanitizer was already replacing the element.

SetComments(bool)

The setComments() method of the Sanitizer interface sets whether comments will be allowed or removed by the sanitizer.

[Value("setComments")]
public GlobalObject.Undefined SetComments(bool allow)

Parameters

allow bool

Returns

GlobalObject.Undefined

true if the operation changed the configuration, and false if the configuration already set comments to the specified value.

SetDataAttributes(bool)

The setDataAttributes() method of the Sanitizer interface sets whether all data-* attributes will be allowed by the sanitizer, or if they must be individually specified.

[Value("setDataAttributes")]
public GlobalObject.Undefined SetDataAttributes(bool allow)

Parameters

allow bool

Returns

GlobalObject.Undefined

true if the operation changed the configuration, and false if the configuration already set dataAttributes to the specified value or dataAttributes cannot be set true because this sanitizer has a remove configuration.

Remarks

If this is set true, then data attributes are automatically allowed and you should not add them individually using 'Sanitizer.AllowAttribute' (or 'Sanitizer.AllowElement' for local attributes).

Note that this method is useful for allow configurations which have a lot of data-* attributes that you want to allow.
The method returns false when used with remove configurations, which can allow all data-* attributes simply by omitting them.

See also on MDN
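The allow-versus-remove configuration duality described in the Remarks for AllowAttribute, AllowElement, RemoveAttribute, RemoveElement, SetDataAttributes and RemoveUnsafe above, together with the derive-a-modified-sanitizer-from-Get() pattern, as an added JavaScript model. This is not code from CSharpToJavaScript or from the browser's Sanitizer API; it tracks only the configuration dictionary and does not parse HTML. It assumes that a configuration declaring `elements` or `attributes` is an allow configuration and anything else is a remove configuration, that an entry with the same name but different per-element arrays is replaced, and that `UNSAFE_ELEMENTS`/`UNSAFE_ATTRIBUTES` are a constructed, deliberately incomplete stand-in for the browser's built-in baseline of XSS-unsafe names (the real list is not on this page). `SanitizerModel`, `demo` and the `allows*` helpers are names chosen here, not part of the wrapper.

```javascript
// Added example, not code from CSharpToJavaScript or the browser: an in-memory
// model of the Sanitizer configuration semantics documented above. It does not
// sanitize HTML; it only tracks the SanitizerConfig dictionary so the
// documented true/false return values can be exercised offline in Node.

// Constructed, deliberately tiny stand-in for the browser's XSS-unsafe baseline.
const UNSAFE_ELEMENTS = ['script'];
const UNSAFE_ATTRIBUTES = ['onclick', 'onerror'];

// Element entries may be a bare name or { name, attributes, removeAttributes }.
const nameOf = (entry) => (typeof entry === 'string' ? entry : entry.name);

class SanitizerModel {
  // Model assumption: declaring `elements` or `attributes` makes this an allow
  // configuration; anything else is treated as a remove configuration.
  constructor(config = { elements: [], attributes: [], dataAttributes: false, comments: false }) {
    this.config = JSON.parse(JSON.stringify(config)); // private copy, like the real wrapper
  }

  isAllowConfig() {
    return Array.isArray(this.config.elements) || Array.isArray(this.config.attributes);
  }

  // Put `entry` into list `key`; true only if the configuration changed.
  #add(key, entry) {
    const list = (this.config[key] ??= []);
    const i = list.findIndex((e) => nameOf(e) === nameOf(entry));
    if (i !== -1) {
      if (JSON.stringify(list[i]) === JSON.stringify(entry)) return false; // already present
      list[i] = entry; // same name, different per-element arrays: replace (model assumption)
      return true;
    }
    list.push(entry);
    return true;
  }

  // Take the entry named `name` out of list `key`; true only if it was there.
  #drop(key, name) {
    const list = this.config[key] ?? [];
    const i = list.findIndex((e) => nameOf(e) === name);
    if (i === -1) return false;
    list.splice(i, 1);
    return true;
  }

  // allow*: add to the allow list on an allow config, else drop from the remove list.
  allowAttribute(attr) { return this.isAllowConfig() ? this.#add('attributes', attr) : this.#drop('removeAttributes', attr); }
  allowElement(el) { return this.isAllowConfig() ? this.#add('elements', el) : this.#drop('removeElements', nameOf(el)); }
  // remove*: the mirror image of allow*.
  removeAttribute(attr) { return this.isAllowConfig() ? this.#drop('attributes', attr) : this.#add('removeAttributes', attr); }
  removeElement(el) { return this.isAllowConfig() ? this.#drop('elements', nameOf(el)) : this.#add('removeElements', nameOf(el)); }

  setComments(allow) {
    if (this.config.comments === allow) return false;
    this.config.comments = allow;
    return true;
  }

  // Documented: cannot be set true on a remove configuration, which admits
  // data-* attributes simply by not listing them, so that call reports no change.
  setDataAttributes(allow) {
    if (allow && !this.isAllowConfig()) return false;
    if (this.config.dataAttributes === allow) return false;
    this.config.dataAttributes = allow;
    return true;
  }

  // Strip the baseline-unsafe names from either kind of config; true if anything changed.
  removeUnsafe() {
    let changed = false;
    for (const el of UNSAFE_ELEMENTS) changed = this.removeElement(el) || changed;
    for (const at of UNSAFE_ATTRIBUTES) changed = this.removeAttribute(at) || changed;
    return changed;
  }

  get() { return JSON.parse(JSON.stringify(this.config)); } // a detached SanitizerConfig copy

  // What the two configuration kinds decide for a name.
  allowsElement(name) {
    return this.isAllowConfig()
      ? (this.config.elements ?? []).some((e) => nameOf(e) === name)
      : !(this.config.removeElements ?? []).includes(name);
  }
  allowsAttribute(attr) {
    if (this.isAllowConfig()) {
      if (this.config.dataAttributes && attr.startsWith('data-')) return true;
      return (this.config.attributes ?? []).includes(attr);
    }
    return !(this.config.removeAttributes ?? []).includes(attr);
  }
}

// Constructed walk-through of the Get() remark: derive a modified sanitizer
// from an existing one without touching the original.
function demo() {
  const base = new SanitizerModel({ elements: ['p', 'a'], attributes: ['href', 'onclick'] });
  const derived = new SanitizerModel(base.get());
  derived.allowAttribute('title');
  derived.setDataAttributes(true);
  const stripped = derived.removeUnsafe(); // drops onclick from the derived copy only
  return {
    baseStillHasOnclick: base.allowsAttribute('onclick'),
    stripped,
    derivedAllowsData: derived.allowsAttribute('data-id'),
    derivedAllowsOnclick: derived.allowsAttribute('onclick'),
  };
}
```

Run it with `node` and call `demo()`. The point of the model is the one the Remarks keep repeating: the same method name does opposite list operations depending on which kind of configuration the sanitizer wraps, and the boolean tells you whether the call actually changed anything. In a browser the real Sanitizer is passed to Element.setHTML, which applies removeUnsafe implicitly without mutating the instance, so the explicit removeUnsafe call shown here matters only for the non-safe parsing paths.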