Sanitizer: removeAttribute() method

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The removeAttribute() method of the Sanitizer interface sets an attribute to be disallowed on all elements.

The specified attribute is added to the list of removeAttributes in this sanitizer's configuration. The attribute is removed from the attributes list if present.

Note that to allow/disallow attributes only on specific elements use Sanitizer.allowElement().

Syntax

js
removeAttribute(attribute)

Parameters

attribute

A string indicating the name of the attribute to be disallowed globally on elements, or an object with the following properties:

name

A string containing the name of the attribute.

namespace Optional

A string containing the namespace of the attribute, which defaults to null.

Returns

None (undefined).

Examples

How to disallow specific attributes

This example shows how removeAttribute() is used to specify that an attribute is should be removed from elements.

JavaScript

The code first creates a new Sanitizer object that initially specifies no attributes or elements. We then call removeAttribute() with the attributes title and mathcolor.

js
// Create sanitizer that allows
const sanitizer = new Sanitizer({
  removeAttributes: [],
});

// Remove the title attribute
sanitizer.removeAttribute("title");
// Remove the mathcolor attribute
sanitizer.removeAttribute("mathcolor");

// Log the sanitizer configuration
let sanitizerConfig = sanitizer.get();
log(JSON.stringify(sanitizerConfig, null, 2));

Results

The final configuration is logged below. Note how both attributes are now added to the removeAttributes list (these attributes will removed if present on elements when the sanitizer is used).

Specifications

Specification
HTML Sanitizer API
# dom-sanitizer-removeattribute

Browser compatibility