shared/components/src/utils/sanitize-html/browser.ts


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

// Browser ONLY logic. Must have the same exports as server.ts
// See: docs/isomorphic-imports.md

import { type SanitizeHtmlOptions, sanitizeDocument } from './common';

export { type SanitizeHtmlOptions, DEFAULT_SAFE_TAGS } from './common';

// Shared DOMParser instance (avoids creating a new one for each sanitization)
let parser = null;

export function sanitizeHtml(
    input: string,
    options: SanitizeHtmlOptions = {},
): string {
    if (!input) {
        return input;
    }

    if (!parser) {
        parser = new DOMParser();
    }

    const unsafeDocument = parser.parseFromString(`${input}`, 'text/html');
    const unsafeNode = unsafeDocument.body;
    return sanitizeDocument(unsafeDocument, unsafeNode, options);
}