cssAudio - Activefile-genericCSS - ActiveGeneric - ActiveHTML - ActiveImage - ActiveJS - ActiveSVG - ActiveText - Activefile-genericVideo - ActiveLovehtmlicon-new-collectionicon-personicon-teamlog-outoctocatpop-outspinnerstartv

Pen Settings

CSS Base

Vendor Prefixing

Add External CSS

These stylesheets will be added in this order and before the code you write in the CSS editor. You can also add another Pen here, and it will pull the CSS from it. Try typing "font" or "ribbon" below.

Quick-add: + add another resource

Add External JavaScript

These scripts will run in this order and before the code in the JavaScript editor. You can also link to another Pen here, and it will run the JavaScript from it. Also try typing the name of any popular library.

Quick-add: + add another resource

Code Indentation

     

Save Automatically?

If active, Pens will autosave every 30 seconds after being saved once.

Auto-Updating Preview

If enabled, the preview panel updates automatically as you code. If disabled, use the "Run" button to update.

            
              <html>
  <body>
    <center><h1>HTML Sanitization</h1></center>    
    <div id="demo">
      <p>
        <label>Input HTML to sanitize</label><br/>
        <textarea id="input" rows="5" cols="50"></textarea>
      </p>
      <p>
        <label>Output</label><br/>
        <textarea id="output" rows="5" cols="50"></textarea>
      </p>
      <p><button onclick="sanitize(); return false;">Sanitize!</button></p>
    </div>
    <div id="explanation">
      <p>
        This is a demonstration of how to use the Google Caja project's <a href="https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer">HTML sanitizer</a> Javascript function to sanitize third party HTML. It strips style tags, script tags and allows for modification and/or removal of URLs and class/ID values.
      </p>
    </div>
  </body>
</html>
            
          
!
            
              body {
  font-family: Helvetica, Verdana, Arial, Sans-serif; 
  font-size: 18px;
  background-color: #222222;
  color: #F8F8F8;
  max-width: 800px;
}

a, a:hover, a:active, a:visited {
  color: #19F1FF;
}

h1 {
  margin-bottom: 20px;
  color: #FFDC00;
  font-size: 24px;
  font-weight: normal;
  text-transform: uppercase;
}

#demo {
  float: right;
  width: 400px;
}

#explanation {
  margin-left: 10px;
  margin-right: 450px;
}

label {
  color: #19F1FF;
  text-transform: uppercase;
  font-size: 14px;
}

p {
  margin-top: 0px;
}

button {
  background-image: none;
  background-color: #FFDC00;
  color: #222222;
  border: none;
  font-size: 18px;
  padding: 12px;
}
            
          
!
            
              // Takes a URL and either modifies it or strips it by returning null
function urlTransformer(url) { 
  console.log("Transforming URL: %s", url);
  return "http://goodsite.com/goodimage.jpg";
};

// Takes in an element ID or class name and either modifies it or strips it by returning null
function classIdTransformer(name) {
  console.log("Transforming Class/Id: %s", name);
  
  if(name !== 'myImage') {
    return name;
  }
};

// note need to escape the slash in close <script> tag otherwise browser thinks we are closing the script tag codepen puts us in
var defaultHtml = 
    "<style>background-color: red;</style>" +
    "<a style='color:blue' href='javascript:myBadFunction()' onclick='alert(\"Doing something bad\")'>Click me I dare you</a>" +
    "<script src='http://badsite.com/bad.js'></\script>" +
    "<img id='myImage' class='myClass' src='http://www.badsite.com/myimage.jpg'/>";


function sanitize() {
  var html = $("#input").val();
  console.log("HTML is: " + html);
  
  console.groupCollapsed("Sanitizing input HTML: %s", html);
  console.time("sanitizing");
  var sanitized = html_sanitize(html, urlTransformer, classIdTransformer);
  console.timeEnd("sanitizing");
  console.groupEnd("Sanitizing");

  console.log("Sanitized HTML is: %s", sanitized);

  $("#output").val(sanitized);
}

$( document ).ready(function() {
  $("#input").val(defaultHtml);
});
            
          
!
999px
Close

Asset uploading is a PRO feature.

As a PRO member, you can drag-and-drop upload files here to use as resources. Images, Libraries, JSON data... anything you want. You can even edit them anytime, like any other code on CodePen.

Go PRO

Loading ..................

Console