toStaticHTML Method
New for Windows Internet Explorer 8
Note: This documentation is preliminary and is subject to change.

Removes dynamic HTML elements and attributes from an HTML fragment.

Syntax

pbstrStaticHTML = window.toStaticHTML(bstrHTML)

Parameters

bstrHTML Required. An HTML fragment.

Return Value

An HTML fragment consisting of static elements only.

Remarks

HTML fragments that are passed in the URL or passed across domains by XDomainRequest or postMessage might contain harmful scripts. For the highest security, use toStaticHTML to remove event attributes and script before adding a fragment to a Web page.

Example

The following script demonstrates how toStaticHTML sanitizes script and dynamic HTML attributes. The result of the operation is: <span>Click Me</span>.

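<html>
<head>
<script type="text/javascript">
// Runs toStaticHTML over the contents of myDiv and displays the markup before and after.
function sanitize()
{
    var myDiv = document.getElementById("myDiv");
    var szInput = myDiv.innerHTML;
    // toStaticHTML removes the script element and the onclick attribute.
    var szStaticHTML = toStaticHTML(szInput);
    var resultComment = "\ntoStaticHTML sanitized the HTML fragment as follows:\n"
        + "Original Content:\n" + szInput + "\n"
        + "Static Content:\n" + szStaticHTML + "\n";
    // innerText shows the markup as text instead of parsing it.
    myDiv.innerText = resultComment;
}
</script>
</head>

<body onload="sanitize()">
    <div id="myDiv">
    <script>function test() { alert("Testing, Testing, 123..."); }</script>
    <span onclick="test()">Click Me</span>
    </div>
</body>
</html>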
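
The Remarks name postMessage as one source of untrusted fragments. The following added example (not part of the original Microsoft documentation) shows one way to handle such a message: check the sender's origin, pass the payload through toStaticHTML, and insert it as plain text where the method is unavailable. TRUSTED_ORIGIN, the element id "output", and the helper names getSanitizer and insertFragment are assumptions.

```javascript
// Added example, not Microsoft's code.
// Assumption: the only origin allowed to send fragments to this page.
var TRUSTED_ORIGIN = "https://partner.example";

// Returns a sanitizer backed by host.toStaticHTML, or null when the host
// object (normally window) does not provide the method.
function getSanitizer(host) {
    if (host && typeof host.toStaticHTML === "function") {
        return function (html) { return host.toStaticHTML(html); };
    }
    return null;
}

// Inserts the fragment carried by a message event into target.
// Returns "rejected", "html" (sanitized markup) or "text" (inert text).
function insertFragment(target, evt, sanitize) {
    // Drop messages from unexpected senders and non-string payloads.
    if (evt.origin !== TRUSTED_ORIGIN || typeof evt.data !== "string") {
        return "rejected";
    }
    if (sanitize) {
        // Event attributes and script are removed before the markup is parsed.
        target.innerHTML = sanitize(evt.data);
        return "html";
    }
    // Fail closed: without a sanitizer the fragment is never parsed as HTML.
    target.textContent = evt.data;
    return "text";
}

// Browser wiring. Assumption: the page contains an element with id "output".
if (typeof window !== "undefined") {
    var onMessage = function (evt) {
        var target = document.getElementById("output");
        insertFragment(target, evt, getSanitizer(window));
    };
    if (window.addEventListener) {
        window.addEventListener("message", onMessage, false);
    } else if (window.attachEvent) {
        window.attachEvent("onmessage", onMessage); // Internet Explorer 8
    }
}
```
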

Standards Information

There is no public standard that applies to this method.

Applies To

window

See Also

innerHTML