goog.html.sanitizer.noclobber
| Module ID |
|---|
Utility DOM functions resistant to DOM clobbering. Clobbering resistance is offered as a best-effort feature -- it is not available on older browsers such as IE <10, Chrome <43, etc. In some cases, we can at least detect clobbering attempts and abort. Note that this is not intended to be a general-purpose library -- it is only used by the HTML sanitizer to accept and sanitize clobbered input. If your projects needs to protect against clobbered content, consider using the HTML sanitizer and configuring it to defuse clobbering by prefixing all element ids and names in the output.
Exported Functions
appendNodeChild( parent, child ) → Node
NodeAppends a child to a node without falling prey to things like
.| Parameters |
| ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Returns |
| ||||||||
assertNodeIsElement( node ) → Element
ElementAsserts that a Node is an Element, without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
elementMatches( element, selector ) → boolean
booleangetChildNodes( node ) → NodeList<Node>
NodeList<Node>Returns the value of node.childNodes without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getCssPropertyValue( cssStyle, propName ) → string
stringgetElementAttribute( element, attrName ) → (string|null)
(string|null)getElementAttributes( element ) → NamedNodeMap
NamedNodeMapReturns an element's attributes without falling prey to things like
. Equivalent to `node.attributes`.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getElementInnerHTML( element ) → string
stringReturns a node's innerHTML property value without falling prey to things like
. Equivalent to `element.innerHTML`.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getElementNamespaceURI( element ) → string
stringReturns an element's namespace URI without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getElementStyle( element ) → CSSStyleDeclaration
CSSStyleDeclarationReturns an element's style without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getElementStyleSheet( element ) → CSSStyleSheet
CSSStyleSheetReturns an element's style without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getElementsByTagName( element, name ) → Array<Element>
Array<Element>getNodeName( node ) → string
stringReturns a node's nodeName without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getNodeType( node ) → number
numberReturns a node's nodeType without falling prey to things like
<form><input name="nodeType"></form>.
| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
getParentNode( node ) → (Node|null)
(Node|null)Returns a node's parentNode without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
hasElementAttribute( element, attrName ) → boolean
booleanisNodeElement( node ) → boolean
booleanReturns whether the node is an Element, without falling prey to things like
.| Parameters |
| ||||
|---|---|---|---|---|---|
| Returns |
| ||||
removeElementAttribute( element, attrName ) → void
voidDeletes a specific attribute from an element without falling prey to things like
. Equivalent toelement.removeAttribute("foo").
| Parameters |
| ||||||||
|---|---|---|---|---|---|---|---|---|---|
setCssProperty( cssStyle, propName, sanitizedValue ) → void
voidsetElementAttribute( element, name, value ) → void
void