JavaScript port of htmLawed HTML filter library
 
 
Vitaliy Filippov 9b0eface1e add readme 2016-08-27 14:54:38 +03:00
.babelrc add readme 2016-08-27 14:54:38 +03:00
.eslintrc.js Move eslint rule to separate repo 2016-07-05 18:47:27 +03:00
README.md add readme 2016-08-27 14:54:38 +03:00
htmLawed.js add readme 2016-08-27 14:54:38 +03:00
htmLawed.src.js add readme 2016-08-27 14:54:38 +03:00
htmLawed_TESTCASE.txt add custom eslint no-regex-dot plugin, fix htmLawed bugs (now passes XSS test) 2016-07-05 12:47:44 +03:00
htmLawed_TESTCASE_out.htm add some tests, rename hl_bal function arg 2016-07-05 16:15:57 +03:00
package.json add readme 2016-08-27 14:54:38 +03:00
rsnake_xss.txt add some tests, rename hl_bal function arg 2016-07-05 16:15:57 +03:00
test.js add readme 2016-08-27 14:54:38 +03:00

README.md

htmLawed

This is a JavaScript rewrite of htmLawed, a very good and safe HTML sanitizer: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/

It is safe against almost all possible XSS vectors; see test cases in htmLawed_TESTCASE.txt and rsnake_xss.txt.

Install

npm install htmlawed

Basic usage

const htmlawed = require('htmlawed');
var safe = htmlawed.sanitize('<html code>', { safe: 1 });
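
To check the `{ safe: 1 }` configuration inside your own test suite, the output can be run through a coarse residue scan. This is an added example, not code from this repository: `auditSanitizer`, `RESIDUE`, `SAMPLES` and `loadHtmlawed` are hypothetical names, the sample inputs are constructed, and only `htmlawed.sanitize(html, config)` comes from the usage shown above.

```javascript
// Markup that should not survive sanitising with { safe: 1 }.
// These are coarse string checks for a smoke test, not an HTML parser.
const RESIDUE = [
  { name: 'script element', re: /<\s*script\b/i },
  { name: 'event-handler attribute', re: /<[^>]*\son[a-z]+\s*=/i },
  { name: 'javascript: URL', re: /<[^>]*\b(?:href|src)\s*=\s*["']?\s*javascript:/i },
];

// Constructed sample inputs (not taken from rsnake_xss.txt).
const SAMPLES = [
  '<p>hello <b>world</b></p>',
  '<script>alert(1)</script>',
  '<img src="x.png" onerror="alert(1)">',
  '<a href="javascript:alert(1)">link</a>',
];

// Run every sample through `sanitize` and list what still looks active.
function auditSanitizer(sanitize, samples = SAMPLES) {
  const findings = [];
  for (const input of samples) {
    const output = String(sanitize(input));
    for (const { name, re } of RESIDUE) {
      if (re.test(output)) findings.push({ input, output, residue: name });
    }
  }
  return findings;
}

// Wrap the real library when it is installed; return null otherwise so the
// audit can still be exercised with any function of the same shape.
function loadHtmlawed() {
  try {
    const htmlawed = require('htmlawed');
    return (html) => htmlawed.sanitize(html, { safe: 1 });
  } catch (e) {
    return null;
  }
}

const sanitize = loadHtmlawed();
if (sanitize) {
  const findings = auditSanitizer(sanitize);
  console.log(findings.length ? findings : 'no active markup survived');
}
```

An empty result only means none of these three patterns matched; the project's own htmLawed_TESTCASE.txt and rsnake_xss.txt cover far more inputs.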

Config options

The same config as in the original PHP version is supported. See documentation here:

http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.2

The most interesting options are:

  • safe: sanitize against most XSS
  • elements: space-delimited list of allowed HTML elements, each with '+' or '-' in front. For example, * +style means "allow all standard elements and