/* global DOMParser:false */
/**
 * Parse an HTML string into a separate document by way of DOMParser.
 *
 * Parsing this way keeps consumers of this component clear of an XSS
 * risk: if the string were parsed through a detached DOM fragment
 * instead, script in onload attributes would run in the context of the
 * host page.
 *
 * Parsing does not sanitize. Attributes such as onload are still present
 * on the parsed nodes, so markup from an untrusted source must be
 * filtered before any of it is moved into the live page.
 *
 * The drawback is narrower browser support: IE10 and up, along with
 * evergreen browsers.
 *
 * @param {string} str - HTML markup to parse.
 * @returns {Document|null} The parsed document, or null when the
 *   environment has no DOMParser global.
 */
const parseDOM = (str) => {
  // The typeof guard avoids a ReferenceError where DOMParser is not
  // defined at all (older browsers, non-browser runtimes).
  if (typeof DOMParser === "undefined") {
    return null;
  }

  const htmlParser = new DOMParser();
  return htmlParser.parseFromString(str, "text/html");
};
export default parseDOM;