(el: HTMLElement)
| 95 | } |
| 96 | |
| 97 | function sanitizeElement(el: HTMLElement): void { |
| 98 | const tagName = el.tagName.toLowerCase(); |
| 99 | |
| 100 | const allowedForTag = PRESERVED_ATTRIBUTES[tagName] || []; |
| 101 | const allowedGlobal = PRESERVED_ATTRIBUTES['*'] || []; |
| 102 | const allowed = new Set([...allowedForTag, ...allowedGlobal]); |
| 103 | |
| 104 | const attributesToRemove: string[] = []; |
| 105 | |
| 106 | for (const attr of Array.from(el.attributes)) { |
| 107 | if (attr.name.startsWith('data-')) { |
| 108 | attributesToRemove.push(attr.name); |
| 109 | continue; |
| 110 | } |
| 111 | |
| 112 | if (!allowed.has(attr.name)) { |
| 113 | attributesToRemove.push(attr.name); |
| 114 | } |
| 115 | } |
| 116 | |
| 117 | for (const attr of attributesToRemove) { |
| 118 | el.removeAttribute(attr); |
| 119 | } |
| 120 | } |
no test coverage detected
searching dependent graphs…