setHTML和setHTMLUnsafe方法效果对比实例页面

回到相关文章 »

效果:

代码:

HTML代码:
<div id="container"></div>

<p>
  <button id="b1">setHTML()方法</button>
  <button id="b2">setHTMLUnsafe()方法</button>
  <button id="b3">setHTML()自定义参数</button>
</p>
JS代码:
const str = `<script>console.log('糟了,中了刀盾');<\/script>
<img src="hanyun.jpg" onload="this.style.border = 'red solid'">
<details>
    <summary>HTML并不简单</summary>
    <p>感谢大家正版支持,无论环境如何变化,学习总是不要停止的。</p>
</details>
<p>普通文字也不显示?</p>`;

b1.onclick = () => {
  container.setHTML(str);
}

b2.onclick = () => {
  container.setHTMLUnsafe(str);
}

const sanitizer = new Sanitizer({
  removeElements: ["script"],
  removeAttributes: ["onload"],
});

b3.onclick = () => {
  container.setHTML(str, {
    sanitizer
  });
}