StripJs.clean_css
You're seeing just the function
clean_css
, go back to StripJs module for more information.
Specs
Removes JS vectors from the given CSS string; i.e., the contents of a
stylesheet or <style>
tag.
Does not HTML-escape its output. Care is taken to maintain valid CSS syntax.
Example:
iex> css = "tt { background-color: expression('alert()'); }"
iex> StripJs.clean_css(css)
"tt { background-color: removed_by_strip_js('alert()'); }"
Warning: this step is performed using regexes, not a parser, so it is
possible for innocent CSS containing either of the strings javascript:
or expression(
to be mangled.