docs/04-plugins/removeScripts.mdx
Removes all scripts from the document.
SVGs can be interactive through JavaScript. However, unless the SVG is coming from a trusted source, it's strongly advised to strip off JavaScript to avoid XSS attacks.
:::caution
This will break interactive SVGs that rely on JavaScript.
:::
This plugin performs the following operations:
<script> elements.onload, onclick, and oninput, preserving the element itself.<a> elements, moving children up to the parent element.:::info
Between v3 and v4, the plugin was renamed from removeScriptElement to removeScripts to reflect that it does more than just remove the <script> tag.
:::