svenMinio/jBase-2
svenMinio/jBase-2
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
jBase-2/wiki/DOM-Content.md
svenMinio 1fa6d558c7 Upload files to "/"
2026-05-17 12:39:25 +02:00

3.5 KiB
Raw Permalink Blame History

.html

Description Gets the HTML contents of the first element in the set, or sets the HTML contents of every matched element.

🛡️ Security by Default: When setting HTML, jBase automatically strips dangerous inline event handlers (like onerror) and malicious protocols (like href="javascript:...") to mitigate XSS attacks. Embedded <script> tags are placed into the DOM but are not executed by the browser.

⚙️ Executing Scripts: If you are injecting trusted content that contains <script> tags which must be executed, you can pass the executeScripts: true flag.

Parameters

  • content (String, optional): The HTML string to set. If omitted, the method acts as a getter.
  • options (Object, optional): Configuration options for the injection.
    • executeScripts (Boolean): If true, jBase will extract, execute, and evaluate any <script> tags found in the injected HTML string. Default is false.

Returns

  • (String): The inner HTML of the first matched element (if used as a getter).
  • (jBase): The current instance for chaining (if used as a setter).

Examples

// 1. GETTER: Retrieve HTML
const content = $('#container').html();

// 2. SETTER (Safe Default): Inject HTML (strips inline events, scripts are ignored)
$('#container').html('<div class="child">Hello</div>');

// 3. SETTER (Trusted Execution): Inject HTML and execute embedded scripts
$('#widget').html('<script>initWidget();</script>', { executeScripts: true });

.text

Description Get the combined text contents of each element in the set of matched elements, including their descendants, or set the text contents of the matched elements.

Parameters

  • content (String, optional): The text to set.

Returns

  • (String): Text content (if getter).
  • (jBase): Current instance (if setter).

Example

$('h1').text('Welcome to jBase');

.load

Description Loads HTML content from a server and automatically injects it into the matched elements. This is an asynchronous wrapper utilizing $.http.getText().

🛡️ Security by Default: When setting HTML, jBase automatically strips dangerous inline event handlers (like onerror) and malicious protocols (like href="javascript:...") to mitigate XSS attacks. Embedded <script> tags are placed into the DOM but are not executed by the browser.

⚙️ Executing Scripts: If you are loading trusted content that contains <script> tags which must be executed upon loading, you can pass the executeScripts: true flag.

Parameters

  • url (String): The URL to fetch the HTML from.
  • options (Object, optional): Standard RequestInit fetch options, extended with jBase specific flags.
    • executeScripts (Boolean): If true, jBase will extract, execute, and evaluate any <script> tags found in the loaded HTML. Default is false.

Returns

  • (Promise): A promise that resolves to the current jBase instance.

Example

// Default: Safe load (no scripts executed, inline events stripped)
await $('#sidebar').load('/partials/sidebar.html');

// Trusted load: Execute scripts found in the fetched HTML
await $('#widget-container').load('/partials/interactive-widget.html', { 
    executeScripts: true 
});