Sanitize a style attribute value by removing dangerous declarations
while preserving safe ones.
Splits the value on semicolons into individual declarations, checks
each declaration's value via isDangerousCssValue, and drops
any that fail. Also blocks the -moz-binding and behavior
property names directly.
The original formatting is preserved: if the input ended with a
semicolon, the output will too (matching Wikidot's pass-through
behavior for user-authored styles).
Parameters
style: string
The raw style attribute value.
Returns string
The sanitized style string with dangerous declarations removed,
or an empty string if nothing is safe.
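A minimal sketch of the procedure described above, added here as an example and not the project's own code. The names sanitizeStyleSketch and isDangerousCssValueSketch are hypothetical, the pattern list is an assumed stand-in for the real isDangerousCssValue rules (not shown on this page), and dropping pieces that have no colon is also an assumption.

```typescript
// Added example: names ending in "Sketch" are hypothetical, not the project's API.

// Property names the page says are blocked outright.
const BLOCKED_PROPERTIES: string[] = ["-moz-binding", "behavior"];

// Assumed stand-in for isDangerousCssValue; the real rule set is not on the page.
function isDangerousCssValueSketch(value: string): boolean {
  // Remove CSS comments so "expr/**/ession(" cannot hide a keyword, then lower-case.
  const v = value.replace(/\/\*[\s\S]*?\*\//g, "").toLowerCase();
  return /expression\s*\(|javascript\s*:|vbscript\s*:|@import/.test(v);
}

function sanitizeStyleSketch(style: string): string {
  // Remember whether the author ended the value with a semicolon.
  const hadTrailingSemicolon = /;\s*$/.test(style);
  const kept: string[] = [];
  for (const decl of style.split(";")) {
    if (decl.trim() === "") continue; // empty piece between or after semicolons
    const colon = decl.indexOf(":");
    // Assumption: a piece without a "property: value" shape is dropped (fail closed).
    if (colon === -1) continue;
    const property = decl.slice(0, colon).trim().toLowerCase();
    const value = decl.slice(colon + 1);
    if (BLOCKED_PROPERTIES.indexOf(property) !== -1) continue; // blocked by name
    if (isDangerousCssValueSketch(value)) continue; // blocked by value
    kept.push(decl); // pushed untouched, so the author's whitespace survives
  }
  if (kept.length === 0) return ""; // nothing safe: empty string, no stray ";"
  return kept.join(";") + (hadTrailingSemicolon ? ";" : "");
}
```

In this sketch a value that itself contains a semicolon, such as a data: URL, is cut at that semicolon, so the first fragment is judged on its own and the remainder is dropped for lacking a colon.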