npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2024 – Pkg Stats / Ryan Hefner

ember-purify

v5.0.1

Published

Ember addon to help purify DOM content

Downloads

453

Readme

Ember-purify

Travis CI Build Status Ember Observer Score

When you need to render user provided HTML content but don't want to trust the user content with Ember's Ember.String.htmlSafe or {{{ }}}. Uses DOMPurify to sanitize HTML & SVG. I strongly recommend you watch the video linked under the inspiration section. See XSS in action in Ember in this twiddle.

You can also run ember serve to see the above mentioned approaches along with the purify-dom helper. Inspect the DOM on all three broken images to see the difference.

Installation

ember install ember-purify

Usage

For templates,

{{purify-dom '<img src="missing-image.png" onerror=alert(1)//>'}}

will render

<img src="missing-image.png">

To use it in js,

import { sanitize } from 'dompurify';

Note that global config isn't applied to the functions imported in JS.

Details on DOMPurify, the underlying library can be found in its README

Configuration

To configure the purify helper globally in your app's config/environment.js,

ENV.APP.purify = {
  // Refer to various config options in DOMPurify's README
};

In addition to the global configuration you can also pass the config to the helper which can either be merged to the global config(by default) or replaced(by passing overrideConfig=true)

{{purify-dom "<img src='google.com' data-something='dangerous'>" config=(hash ALLOW_DATA_ATTR=false) overrideConfig=true}}

Inspiration

Securing your EmberJS Application talk By Philippe De Ryck.

Installation

  • git clone <repository-url> this repository
  • cd ember-purify
  • npm install or yarn

Running

Running Tests

  • npm test (Runs ember try:each to test your addon against multiple Ember versions)
  • ember test
  • ember test --server

Building

  • ember build

For more information on using ember-cli, visit http://ember-cli.com/.