toStaticHTML.html
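<!doctype html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <title>A simple demo of toStaticHTML</title>
  <style>
    input {
      width: 400px;
    }
    #output {
      margin-top: 20px;
    }
  </style>
</head>
<body>
  <!--
    Demo: pass untrusted text through window.toStaticHTML before it reaches
    an innerHTML sink. The pre-filled value mixes a script element with plain
    text so the effect of the sanitizer is visible in the output.
  -->
  <label for="inp">Enter text:</label>
  <!-- Markup characters in the sample value are entity-escaped so the attribute
       is unambiguous to every parser; the decoded value is unchanged. -->
  <input type="text" value="&lt;script&gt;alert('malicious');&lt;/script&gt;I'm normal text" id="inp">
  <!-- type="button": there is no form to submit; the click handler does the work. -->
  <button type="button" id="btn">Submit</button>
  <div id="output"></div>
  <script>
    (function () {
      /**
       * Reads the text box, sanitizes it with window.toStaticHTML and renders
       * the result in #output.
       *
       * window.toStaticHTML is a legacy, Microsoft-only API (IE8+ and HTML5
       * Windows 8 applications). It is not a web standard, so this feature
       * check fails in other browsers. The handler then stops without
       * rendering anything: unsanitized input must never be written to
       * innerHTML as a fallback.
       *
       * NOTE(review): code that has to run outside that platform needs a
       * different control, such as textContent when no markup is required, or
       * a maintained HTML sanitizer. Confirm the choice against the target
       * browsers.
       */
      function sanitizeInput() {
        if (typeof window.toStaticHTML !== "function") {
          alert("Your browser does not support the 'toStaticHTML' function");
          return; // fail closed: no sanitizer, no HTML rendering
        }

        var inputVal = document.getElementById("inp").value;
        var output = document.getElementById("output");

        // The fixed label goes in as text; it never needs HTML parsing.
        output.textContent = "Sanitized output: ";

        // The only innerHTML sink receives sanitizer output and nothing else,
        // so no string concatenation can bypass the sanitizer.
        var rendered = document.createElement("span");
        rendered.innerHTML = window.toStaticHTML(inputVal);
        output.appendChild(rendered);
      }

      // NOTE(review): addEventListener is unavailable in IE8, although the API
      // being demonstrated exists there; this page effectively needs IE9+.
      document.getElementById("btn").addEventListener("click", sanitizeInput, false);
    })();
  </script>
</body>
</html>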