Help Center/
Huawei Cloud Astro Canvas/
User Guide/
Custom Widget Development Specifications/
Widget Built-in APIs/
Preset APIs of the SafeUtils Security Tool Class
Updated on 2025-03-24 GMT+08:00
Preset APIs of the SafeUtils Security Tool Class
|
API |
Description |
|---|---|
|
Escapes HTML character strings. |
|
|
Perform XSS security filtering on external links to obtain secure absolute URLs. |
escapeHtml()
Escape the HTML character string and obtain the escaped character string for display on the page. The usage method is as follows:
/*
* @param {*} text
*/
The SafeUtils.escapeHtml(text) // method returns the escaped character string.
For example, enter the following character string:
<div data-v-a7e06658="" id="page-view-header" class="page-view-header" style="width: 1920px; height: 0px; overflow: hidden; display: none;"> <div data-v-a7e06658="" class="page-view-header-bottom" style="top: -11px;"></div></div>
The return value after XSS escape is as follows:
<div data-v-a7e06658="" id="page-view-header" class="page-view-header" style="width: 1920px; height: 0px; overflow: hidden; display: none;"> <div data-v-a7e06658="" class="page-view-header-bottom" style="top: -11px;"></div></div>
getSafeUrl()
Perform XSS security filtering on external links to obtain secure absolute URLs. The usage is as follows:
/*
* @param {*} url
*/
SafeUtils.getSafeUrl(url);
SafeUtils.getSafeUrl ('/test.html') //return:https://Domain name of Huawei Cloud Astro Canvas /test.html
SafeUtils.getSafeUrl('javascript:alert(123)') //return:'unsafe:'
Only secure URLs can be accessed. URLs in other formats correspond to unsafe: and cannot be accessed.
Parent topic: Widget Built-in APIs
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
The system is busy. Please try again later.
For any further questions, feel free to contact us through the chatbot.
Chatbot
