Hi,
I am trying to load a Wikipedia page into my extension. My extension was rejected because I am injecting HTML code from AJAX calls without sanitizing it. The problem here is that the JSON I get back from the wiki looks like the following:
'{ *: "<div class="mf-section-0" id="mf-section-0"><table style="margin:0 0 1em 1em; float:right; text-align:center; width:20em;" class="toccolours vevent"><tr><td colspan="4" style="padding:0 1em;border-bottom:1px #aaa solid;"><b><span class="summary"><span class="dtstart">2016</span> <a href="/wiki/NASCAR_Sprint_Cup_Series" class="mw-redirect" title="NASCAR Sprint Cup Series">NASCAR Sprint Cup Series</a></span></b></td> </tr><tr style="vertical-align:top"><td style="text-align:right; width:auto;">Previous:</td> <td style="text-align:left"><a href="/wiki/2015_NASCAR_Sprint_Cup_Series" title="2015 NASCAR Sprint Cup Series">2015</a></td> <td style="text-align:right; width:auto;">Next:</td> <td style="text-align:left"><a href="/wiki/2017_NASCAR_Cup_Series" title="2017 NASCAR Cup Series">2017</a></td> </tr><tr><td colspan="4" style="font-size:90%;"> <center><a href="/wiki/List_of_NASCAR_Sprint_Cup_Series_champions" title="List of NASCAR Sprint Cup Series champions">Champions</a> | <a href="/wiki"[…] }'
First option: I can replace most of the problem tags using regex, including script, style, head, body, title, and iframe. Here I am formatting the HTML string and removing all anchor (i.e. href) tags:
str = str.replace(/(\n)|({"\*":")|(<a.*?>)|(<[/]a>)|("})|(\\)/gmi, '');
Second option: create an HTML doc in memory using DOMParser(), remove the tags that are not required (script, style, head, body, title, and iframe) and any attribute that starts with on***(), and finally append the HTML to the main document.
Please suggest an option which will not fail review for not sanitizing. Any help in this matter is appreciated.
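An allowlist variant of the second option, as an added example that is not part of the original post: the HTML is parsed into an inert DOMParser document, everything not explicitly allowed is dropped or unwrapped, and links are kept only when they resolve to http(s). The names `WIKI_BASE`, `ALLOWED_TAGS`, `ALLOWED_ATTRS`, `DROPPED_TAGS` and all function names are hypothetical, and the base URL assumes English Wikipedia.

```javascript
// Added example; WIKI_BASE and both allowlists are assumptions to adapt.
const WIKI_BASE = 'https://en.wikipedia.org/';
const ALLOWED_TAGS = new Set(['DIV', 'P', 'SPAN', 'B', 'I', 'A', 'UL', 'OL', 'LI',
  'TABLE', 'TBODY', 'TR', 'TD', 'TH', 'H2', 'H3', 'BR']);
const ALLOWED_ATTRS = new Set(['href', 'title', 'class', 'colspan', 'rowspan']);
const DROPPED_TAGS = new Set(['SCRIPT', 'STYLE', 'IFRAME', 'HEAD', 'TITLE',
  'OBJECT', 'EMBED']);                                  // removed with their content

// Resolve a link against the wiki and return it only if it is http(s).
function safeHref(value) {
  let url;
  try { url = new URL(value, WIKI_BASE); } catch (e) { return null; }
  return (url.protocol === 'https:' || url.protocol === 'http:') ? url.href : null;
}

// Keep only allowlisted attributes; on*, style, id and src never pass.
function cleanAttributes(el) {
  for (const attr of Array.from(el.attributes)) {
    const name = attr.name.toLowerCase();
    const href = name === 'href' ? safeHref(attr.value) : null;
    if (!ALLOWED_ATTRS.has(name) || (name === 'href' && href === null)) {
      el.removeAttribute(attr.name);
    } else if (href !== null) {
      el.setAttribute(attr.name, href);                 // store the absolute URL
    }
  }
}

// Walk the parsed tree in place, children first.
function sanitizeNode(parent) {
  for (const child of Array.from(parent.childNodes)) {
    if (child.nodeType === 3) continue;                 // text node
    const tag = child.nodeName.toUpperCase();
    if (child.nodeType !== 1 || DROPPED_TAGS.has(tag)) {
      parent.removeChild(child);                        // comments, script, ...
      continue;
    }
    sanitizeNode(child);
    if (ALLOWED_TAGS.has(tag)) {
      cleanAttributes(child);
    } else {                                            // unknown tag: keep content only
      while (child.firstChild) parent.insertBefore(child.firstChild, child);
      parent.removeChild(child);
    }
  }
}

// Browser entry point: parse inertly, sanitize, return nodes ready to append.
function sanitizeWikiHtml(html) {
  const doc = new DOMParser().parseFromString(html, 'text/html');
  sanitizeNode(doc.body);
  return Array.from(doc.body.childNodes, (n) => document.importNode(n, true));
}
```

In the extension, append the returned nodes with `container.append(...sanitizeWikiHtml(html))` instead of assigning the API string to `innerHTML`.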