removeScripts method

String removeScripts()

Removes <script> tags and JavaScript event handlers from the string.

This method uses regular expressions to remove script tags and attributes that may contain JavaScript event handlers (e.g., onclick, onload).

Example:

var htmlString = '<div onclick="alert(\'Hi\')">Content</div><script>alert("Hi");</script>';
var cleaned = htmlString.removeScripts();
print(cleaned); // Outputs: <div>Content</div>

Returns a string with script tags and JavaScript event handlers removed.

Implementation

String removeScripts() {
  // Matches a whole <script>...</script> element, in any letter case.
  final RegExp scriptTagRegExp = RegExp(
      r'<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>',
      caseSensitive: false);
  // Matches an event handler attribute together with its value
  // (e.g. onclick="...", onload='...', onmousedown=handler).
  final RegExp scriptAttrRegExp = RegExp(
      r'''\s+on\w+\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+)''',
      caseSensitive: false);

  // Remove any script tags from the input
  final input = replaceAll(scriptTagRegExp, '');

  // Remove any event handler attributes (e.g. onmousedown, onclick) from all
  // elements, values included, so that no dangling ="..." is left behind
  return input.replaceAll(scriptAttrRegExp, '');
}
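
A tag-scoped variant of the same idea, as an added example that is not the package's implementation: it strips `on*` attributes only inside start tags, so text content and the values of other attributes are left untouched. The extension name `TagScopedScriptRemoval` and the method `removeScriptsTagScoped` are hypothetical, and the inputs in `main` are constructed.

```dart
// Added illustration; the extension and method names are hypothetical.
extension TagScopedScriptRemoval on String {
  String removeScriptsTagScoped() {
    // A whole <script> element, any letter case, body may span lines.
    final scriptElement = RegExp(r'<script\b[^>]*>[\s\S]*?</script\s*>',
        caseSensitive: false);
    // A start tag; quoted attribute values are consumed as units so a '>'
    // inside a value does not end the tag early.
    final startTag = RegExp(r'''<[a-z][^\s>/]*(?:"[^"]*"|'[^']*'|[^>"'])*>''',
        caseSensitive: false);
    // One attribute: group 1 is its name; the value, if any, is matched whole.
    final attribute = RegExp(
        r'''\s+([^\s=>/"']+)(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s>]+))?''');

    return replaceAll(scriptElement, '').replaceAllMapped(
      startTag,
      (tag) => tag[0]!.replaceAllMapped(
        attribute,
        // Drop on* attributes together with their values; keep the rest as-is.
        (attr) => attr[1]!.toLowerCase().startsWith('on') ? '' : attr[0]!,
      ),
    );
  }
}

void main() {
  // Constructed inputs mapped to the output the documented contract implies.
  const cases = <String, String>{
    r'''<div onclick="alert('Hi')">Content</div><script>alert("Hi");</script>''':
        '<div>Content</div>',
    r'''<a href="/online" title="go online=1" OnMouseOver='f()'>link</a>''':
        '<a href="/online" title="go online=1">link</a>',
    '<p>Prices online: only today</p>': '<p>Prices online: only today</p>',
  };
  cases.forEach((input, expected) {
    final actual = input.removeScriptsTagScoped();
    if (actual != expected) {
      throw StateError('expected $expected, got $actual');
    }
    print('ok: $actual');
  });
}
```

Regex filtering of this kind remains best-effort; when the input is untrusted HTML bound for a browser, parse it and keep only an allowlist of elements and attributes.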