I am actually trying to make the result of a wysihtml5 editor secure.
Basically, users cannot enter script/forms/etc tags.
I cannot remove all tags as some of them are used to display the content as wished.
(eg : <h1>
to display a title)
The problem is that users are still able to add DOM event listeners binded to some unwanted code.
(eg : <h1 onclick="alert('Houston, got a problem');"></h1>
)
I would like to remove all event listeners inside a div (for all descendants inside that div).
The solution I actually tried to use is to check the code as a string to find and replace unwanted content, which worked for the unwanted tags.
What I actually need is a regex matching all event listeners inside all tags.
Something like "select all [on*] between < and >".
Examples :
<h1 onclick=""></h1>
=> Should match
<h1 onnewevent=""></h1>
=> Should match
<h1>onclick=""</h1>
=> Should NOT match
Thanks in advance for your help ;)