Removes potentially dangerous tags and keywords from the sourceHTML and returns the result. This helps prevent JavaScript injection attacks. IMPORTANT: Although this method prevents most JavaScript injection attacks, it is not guaranteed to prevent all of them.
Additionally, the HTML can be HTML-encoded. HTML encoding transforms only the following characters: > to &gt;, < to &lt;, & to &amp;.
The following potentially dangerous tags and keywords are transformed.
| Dangerous Item | Converted to |
| --- | --- |
| SCRIPT block | The whole script block is deleted |
| IFRAME, STYLE, LINK tags and blocks | The items are deleted |
| javascript keyword. For example: "javascript:" | javascript is transformed to javascript_ |
| Event handler property. For example: onclick= | Underscore is added to the event name. For example: onclick= is transformed to onclick_= |
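The transformations listed above can be reproduced on a constructed input to see what the output looks like, with and without the optional HTML encoding. This is an added illustration, not the documented method's own code: the name `neutralize_html`, its `html_encode` parameter, the regular expressions, and the order of the steps are all assumptions.

```python
import re

# Illustrative re-implementation of the documented rules; every name and
# pattern here is an assumption, not the library's actual code.
_SCRIPT_BLOCK = re.compile(r"<script\b[^>]*>.*?</script\s*>", re.I | re.S)
# Paired IFRAME/STYLE/LINK blocks, e.g. <style>...</style>
_BLOCKS = re.compile(r"<(iframe|style|link)\b[^>]*>.*?</\1\s*>", re.I | re.S)
# Any leftover standalone opening or closing tag, e.g. <link ...>
_TAGS = re.compile(r"</?(script|iframe|style|link)\b[^>]*>", re.I)
_JS_KEYWORD = re.compile(r"javascript", re.I)
# An event handler property: "on" + name, followed by "="
_EVENT_ATTR = re.compile(r"\b(on[a-z]+)(\s*=)", re.I)


def neutralize_html(source_html: str, html_encode: bool = False) -> str:
    out = _SCRIPT_BLOCK.sub("", source_html)   # whole script block deleted
    out = _BLOCKS.sub("", out)                 # iframe/style/link blocks deleted
    out = _TAGS.sub("", out)                   # remaining standalone tags deleted
    # javascript -> javascript_ (original letter case is kept)
    out = _JS_KEYWORD.sub(lambda m: m.group(0) + "_", out)
    # onclick= -> onclick_=
    out = _EVENT_ATTR.sub(r"\1_\2", out)
    if html_encode:
        # Only these three characters are encoded; "&" goes first so the
        # entities produced for "<" and ">" are not encoded a second time.
        out = out.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
    return out


# Constructed sample input, not taken from the documentation.
SAMPLE = (
    '<p onclick="track()">Hi</p>'
    '<SCRIPT>alert(1)</SCRIPT>'
    '<style>p{color:red}</style>'
    '<iframe src="frame.html"></iframe>'
    '<a href="javascript:void(0)">x</a>'
    '<link rel="stylesheet" href="a.css">'
)

if __name__ == "__main__":
    print(neutralize_html(SAMPLE))
    print(neutralize_html(SAMPLE, html_encode=True))
```

The rules are pattern-based, so the result should be read in light of the IMPORTANT note above: reduced risk, not a guarantee.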