htmlawed
v1.0.2
Published
JS port of htmLawed HTML filter library
Downloads
28
Readme
htmLawed
This is a JS rewrite of a safe HTML sanitizer "htmLawed", http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/
It is safe against almost all possible XSS vectors; see test cases in htmLawed_TESTCASE.txt and rsnake_xss.txt.
Code is awful, but it works :D
Version corresponds to 1.2.4.1
Install
npm install htmlawed
Basic usage
const htmlawed = require('htmlawed');
var safe = htmlawed.sanitize('<html code>', { safe: 1 });
Config options
The same config as in the original PHP version is supported. See documentation here:
http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.2
The most interesting options are:
safe
: sanitize against most XSSelements
: space-delimited allowed HTML elements with '+' or '-' in front. for example,* +style
means "allow all standard elements and <style> element".keep_bad
: what to do with bad tags (6 is the default)- 0 = remove them
- 1 = escape tags and element content (replace < > to < >)
- 2 = remove tags, escape element content
- 3, 4 = like 1, 2 but remove if text (#PCDATA) is invalid in parent element
- 5, 6 = like 3, 4 but leave space characters in place
parent
: supposed parent element that will be wrapped around content- `tidy: -1 = compact/uglify HTML, 0 = no change (default), 1 = tify/beautify HTML
abs_url
: -1 = make relative, 0 = no change (default), 1 = make absolutebase_url
: base URL forabs_url
to work if not 0
License
LGPL, because it's a rewrite of the original LGPL-licensed library.
Copyright (c) 2016+ Vitaliy Filippov (vitalif ~ mail.ru)