Vitaliy Filippov 9b0eface1e
htmLawed
This is a JavaScript rewrite of htmLawed, a very good and safe HTML sanitizer: http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/
It is safe against almost all possible XSS vectors; see the test cases in htmLawed_TESTCASE.txt and rsnake_xss.txt.
Install
npm install htmlawed
Basic usage
const htmlawed = require('htmlawed');
var safe = htmlawed.sanitize('<html code>', { safe: 1 });
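A smoke test around the call above, as an added example that is not part of the htmLawed project: it runs constructed inputs through a sanitizer function and reports any output that still contains a script element, an on* attribute or a javascript: URL inside a tag. The names RESIDUE, SAMPLES, residue and audit are hypothetical, and the regex checks are a coarse regression signal, not a proof of safety.

```javascript
// Added example (not from the htmLawed project). All names here are hypothetical.
// Coarse patterns for active content that should not survive sanitization.
const RESIDUE = [
  ['script element', /<\s*script\b/i],
  ['event handler attribute', /<[^>]*\son\w+\s*=/i],
  ['javascript: URL in a tag', /<[^>]*\b(?:href|src)\s*=\s*["']?\s*javascript:/i],
];

// Constructed sample inputs; extend with cases from your own application.
const SAMPLES = [
  '<p onclick="alert(1)">hi</p>',
  '<a href="javascript:alert(1)">x</a>',
  '<script>alert(1)</script><b>ok</b>',
];

// Names of the residue patterns that match a piece of HTML.
function residue(html) {
  return RESIDUE.filter(([, re]) => re.test(html)).map(([name]) => name);
}

// Run every sample through `sanitize` and return only the outputs that
// still match a residue pattern. An empty array means the check passed.
function audit(sanitize, samples = SAMPLES) {
  return samples
    .map((input) => {
      const output = String(sanitize(input));
      return { input, output, residue: residue(output) };
    })
    .filter((r) => r.residue.length > 0);
}

// Use the real package when it is installed (npm install htmlawed).
let htmlawed = null;
try {
  htmlawed = require('htmlawed');
} catch (e) {
  console.log('htmlawed not installed; audit() still works with any sanitizer function');
}
if (htmlawed) {
  const failures = audit((html) => htmlawed.sanitize(html, { safe: 1 }));
  for (const f of failures) console.log('RESIDUE', f.residue.join(', '), '<-', f.input);
  console.log(failures.length === 0 ? 'no residue found' : `${failures.length} sample(s) failed`);
}
```

Run it in CI after upgrading the package or changing the config object, so a configuration that lets active content through is caught before deployment.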
Config options
The same config as in the original PHP version is supported. See documentation here:
http://www.bioinformatics.org/phplabware/internal_utilities/htmLawed/htmLawed_README.htm#s2.2
The most interesting options are:
safe
: sanitize against most XSS
elements
: space-delimited allowed HTML elements with '+' or '-' in front. For example, * +style means "allow all standard elements and