Filter dangerous scripts in the WYSIWYG editor
<!-- Sample input for the filter: the textarea's text is anchor markup carrying inline
     event-handler attributes (onclick, onblur), one of whose values spans two lines. -->
<Textarea id = "bug" cols = "80" rows = "5">
<A onclick = "test ();
Test1 () "onblur =
"Test3 ()"> test </a>
</Textarea>
<!-- Clicking this button runs the filter over the textarea's text; the click handler is
     attached in the script that follows. -->
<Button id = "kick"> bug 2 </button>
<Script>
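/**
 * Strips inline event-handler attributes (onclick, onblur, ...) from every
 * opening tag found in a string of markup.
 *
 * This is a denylist applied to raw markup with regular expressions. It does
 * not parse HTML the way a browser does, so treat it as a best-effort cleanup
 * for the editor, not as the only XSS control: parse the markup and keep only
 * allowlisted elements, attributes and URL schemes, and sanitize again on the
 * server, because anything done in the browser can be skipped by the sender.
 *
 * @param {string} str Markup to filter; null/undefined is treated as empty.
 * @returns {string} The markup with on* attributes removed from opening tags.
 */
function kickBug(str) {
  if (str == null) {
    return "";
  }
  // Matches one on*=value attribute: double-quoted, single-quoted or unquoted.
  // Whitespace after the value is deliberately NOT consumed, so the attribute
  // that follows keeps its separator and does not fuse with the tag name.
  var handlerAttr = /\s*on[a-z]+\s*=\s*("[^"]+"|'[^']+'|[^\s]+)/ig;
  var previous;
  var current = str;
  // Repeat until the text stops changing, so that whatever is left behind
  // after one removal is filtered again. Each changing pass shortens the
  // string, so the loop terminates.
  do {
    previous = current;
    // An opening tag is "<", a letter, then everything up to the next ">".
    current = previous.replace(/<[a-z][^>]+/ig, function (tag) {
      return tag.replace(handlerAttr, "");
    });
  } while (current !== previous);
  return current;
}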
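// Compatibility shim: on engines whose elements have no innerText property,
// expose one that reads and writes textContent. Engines that already provide
// innerText are left untouched, so the native behaviour is not overridden.
// Writing through textContent inserts the value as text; it is never parsed
// as HTML.
if (typeof HTMLElement !== "undefined" && !("innerText" in HTMLElement.prototype)) {
  Object.defineProperty(HTMLElement.prototype, "innerText", {
    configurable: true,
    get: function () {
      return this.textContent;
    },
    set: function (text) {
      this.textContent = text;
    }
  });
}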
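// Run the filter when the button is clicked and put the result back into the
// textarea. A textarea's current contents live in .value; innerText/textContent
// only reflect its initial text and stop tracking it once the user has typed.
// NOTE(review): this filtering runs in the browser only. If the text is later
// stored or rendered as HTML, it has to be sanitized again where it is
// received, since a client can submit content without running this handler.
document.getElementById("kick").onclick = function () {
  var bug = document.getElementById("bug");
  bug.value = kickBug(bug.value);
};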
</Script>
<!-- Sample input for the filter: the textarea's text is anchor markup with an onclick
     attribute and several href attributes whose values use the javascript: and
     vbscript: schemes, one of them starting on a new line.
     NOTE(review): the ids "bug" and "kick" are also used by an earlier textarea and
     button on this page; if both demos are loaded in one document, getElementById
     returns only the first match. Confirm these are meant to be separate pages. -->
<Textarea id = "bug" cols = "80" rows = "5">
<A onclick = "test ();" href ="
Javascript: alert ('A') "href =" javascript :"
Href = "vbscript: alert ()"
> Test </a>
</Textarea>
<!-- Clicking this button runs the filter over the textarea's text; the click handler is
     attached in the script that follows. -->
<Button id = "kick"> worm 3 </button>
<Script>
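/**
 * Strips href and src attributes whose value starts with the javascript: or
 * vbscript: scheme from every opening tag found in a string of markup.
 *
 * Only these two attributes and these two schemes are covered; event-handler
 * attributes and every other attribute are left as they are, so this pass is
 * one step of a filter, not a complete one. It is also a denylist applied to
 * raw markup with regular expressions and does not see attribute values the
 * way a browser does after parsing and decoding them. Prefer parsing the
 * markup and allowlisting the schemes you accept (for example http, https,
 * mailto), and sanitize again on the server.
 *
 * @param {string} str Markup to filter; null/undefined is treated as empty.
 * @returns {string} The markup with the matching href/src attributes removed.
 */
function kickBug(str) {
  if (str == null) {
    return "";
  }
  // Matches href/src with a double-quoted, single-quoted or unquoted value
  // that begins with one of the two schemes. The part after the colon may be
  // empty, so a scheme-only value is removed as well.
  var scriptUrlAttr = /\s*(href|src)\s*=\s*("\s*(javascript|vbscript):[^"]*"|'\s*(javascript|vbscript):[^']*'|(javascript|vbscript):[^\s]*)/ig;
  var previous;
  var current = str;
  // Repeat until the text stops changing, so that whatever is left behind
  // after one removal is filtered again. Each changing pass shortens the
  // string, so the loop terminates.
  do {
    previous = current;
    // An opening tag is "<", a letter, then everything up to the next ">".
    current = previous.replace(/<[a-z][^>]+/ig, function (tag) {
      return tag.replace(scriptUrlAttr, "");
    });
  } while (current !== previous);
  return current;
}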
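// Compatibility shim: on engines whose elements have no innerText property,
// expose one that reads and writes textContent. Engines that already provide
// innerText are left untouched, so the native behaviour is not overridden.
// Writing through textContent inserts the value as text; it is never parsed
// as HTML.
if (typeof HTMLElement !== "undefined" && !("innerText" in HTMLElement.prototype)) {
  Object.defineProperty(HTMLElement.prototype, "innerText", {
    configurable: true,
    get: function () {
      return this.textContent;
    },
    set: function (text) {
      this.textContent = text;
    }
  });
}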
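// Run the filter when the button is clicked and put the result back into the
// textarea. A textarea's current contents live in .value; innerText/textContent
// only reflect its initial text and stop tracking it once the user has typed.
// NOTE(review): this filtering runs in the browser only. If the text is later
// stored or rendered as HTML, it has to be sanitized again where it is
// received, since a client can submit content without running this handler.
document.getElementById("kick").onclick = function () {
  var bug = document.getElementById("bug");
  bug.value = kickBug(bug.value);
};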
</Script>