We've all heard of (or perhaps even experienced) cross-site scripting (XSS) attacks, where evil-minded attackers try to inject client-side script or SQL statements into web pages. This can be done to gain access to session cookies or database data, or to obtain elevated access privileges to sensitive page content. Checking an HTML document and producing a new HTML document that preserves only the tags designated as safe is called sanitizing the HTML.
Look at the web project "sanitization". Run the following script and see how the text content and the default sanitization work:
```dart
import 'dart:html';

void main() {
  // Element.html runs the markup through the default NodeValidator, so
  // unsafe tags and attributes are stripped before the element is created.
  var elem1 = new Element.html('<div class="foo">content</div>');
  document.body.children.add(elem1);
  ...
}
```
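As an added example (not code from the original page or from the Dart project), the same call fed markup that contains a script element and an inline event handler, once with the default validator and once with an explicit allow-list built with NodeValidatorBuilder; it assumes pre-null-safety Dart as in the snippet above, and the untrusted string is constructed for the demonstration.

```dart
import 'dart:html';

// Constructed sample of untrusted markup: a script element and an inline
// event handler that a sanitizer should remove, around benign content.
const String untrusted =
    '<div class="foo" onclick="alert(1)">content<script>alert(1)</script></div>';

// Default validator: the script element and the onclick attribute are
// dropped, while the div and its class attribute survive.
Element sanitizeWithDefault(String html) => new Element.html(html);

// Explicit allow-list: only div (with a class attribute) and the common
// text-formatting elements are permitted; everything else is stripped.
Element sanitizeWithAllowList(String html) {
  var validator = new NodeValidatorBuilder()
    ..allowElement('div', attributes: ['class'])
    ..allowTextElements();
  return new Element.html(html, validator: validator);
}

void main() {
  var byDefault = sanitizeWithDefault(untrusted);
  var byAllowList = sanitizeWithAllowList(untrusted);
  document.body.children
    ..add(byDefault)
    ..add(byAllowList);

  // Compare in the console what survived each pass.
  print('default:    ${byDefault.outerHtml}');
  print('allow-list: ${byAllowList.outerHtml}');

  // Passing treeSanitizer: NodeTreeSanitizer.trusted disables sanitization
  // entirely; reserve it for markup the application itself generated.
}
```

The default pass shows what Dart strips with no configuration; the allow-list pass shows how to narrow the accepted markup to exactly what a page needs.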