How to remove unsafe contents of WYSIWYG editors before use it?

How to remove unsafe contents of WYSIWYG editors like script tags or iframe tags and events of other tags before use it?

<script>
// Dangerous contents
</script>

<iframe>
// bad web pages
</iframe>

<span onclick="javascript://do bad work here !!!">click me</span>

Solution

You shouldn't try to write such protection on your own.

Specially, you should NOT place the protection on the client side (javascript), but use instead a server side filtering like http://htmlpurifier.org/

How to list the properties of a JavaScript object?
You're importing a component that needs useState. It only works in a Client Component, but none of its parents are marked with "use client"
Polyfill for TextDecoder
How to display an image in HTML via a JSON file using Javascript
What is the purpose of the dollar sign in JavaScript?
Importing ethers via Hardhat fails despite official testing documentation
Using http methods with django rest framework
Is there a way to create dynamic ranges given an array of values, and counting how many belong to each range
Get audio.duration with JavaScript from URL
How do I programmatically set the value of a select box element using JavaScript?
Triggering a file download without any server request
How to access the request body when POSTing using Node.js and Express?
How can I how one div and hide multiple others with jQuery?
Printing only a textarea
Finding min and max in array Javascript
Javascript - Copy to clipboard without concrete Id in HTML tag
Finding the FORM that an element belongs to in JavaScript
Where to save a JWT in a browser-based application and how to use it
Trim an audio file using javascript (first 3 seconds)
Failed to execute 'atob' on 'Window'
How to render my web component before connectedCallback but after constructor?
Javascript: How to read a hand held barcode scanner best?
How to count all objects in an array that match a condition?
Split address and numbers
why I can't delete .next folder in nextjs project
handsontable unfreeze a column and return to original position
Is this a redirect or not?
Why `[1, 2, 3]` is not showing as an `Array(3)` in Console?
Large numbers in React
Dark & Light Mode: How to switch manifest and favicon?