Changeset 61347
- Timestamp:
- 12/03/2025 06:07:53 PM (10 days ago)
- File:
-
- 1 edited
-
trunk/src/js/_enqueues/wp/sanitize.js (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/js/_enqueues/wp/sanitize.js
r60907 r61347 24 24 */ 25 25 stripTags: function( text ) { 26 let _text = text || ''; 26 const domParser = new DOMParser(); 27 const htmlDocument = domParser.parseFromString( 28 text, 29 'text/html' 30 ); 27 31 28 // Do the search-replace until there is nothing to be replaced. 29 do { 30 // Keep pre-replace text for comparison. 31 text = _text; 32 33 // Do the replacement. 34 _text = text 35 .replace( /<!--[\s\S]*?(-->|$)/g, '' ) 36 .replace( /<(script|style)[^>]*>[\s\S]*?(<\/\1>|$)/ig, '' ) 37 .replace( /<\/?[a-z][\s\S]*?(>|$)/ig, '' ); 38 } while ( _text !== text ); 32 /* 33 * The following self-assignment appears to be a no-op, but it isn't. 34 * It enforces the escaping. Reading the `innerText` property decodes 35 * character references, returning a raw string. When written, however, 36 * the text is re-escaped to ensure that the rendered text replicates 37 * what it's given. 38 * 39 * See <https://github.com/WordPress/wordpress-develop/pull/10536#discussion_r2550615378>. 40 */ 41 htmlDocument.body.innerText = htmlDocument.body.innerText; 39 42 40 43 // Return the text with stripped tags. 41 return _text;44 return htmlDocument.body.innerHTML; 42 45 }, 43 46
Note: See TracChangeset
for help on using the changeset viewer.