@types/dompurify

What is @types/dompurify?

The @types/dompurify package provides TypeScript type definitions for DOMPurify, a DOM-only XSS sanitizer for HTML, MathML, and SVG. It allows developers to use DOMPurify in TypeScript projects with type checking and autocompletion features.

What are @types/dompurify's main functionalities?

Sanitizing HTML strings

This feature allows you to sanitize HTML strings to prevent XSS attacks. The sanitize function removes any malicious code from the input string.

import DOMPurify from 'dompurify';
const cleanHTML = DOMPurify.sanitize('<img src=x onerror=alert(1)//>');

Configuring DOMPurify

This feature allows you to configure DOMPurify to customize the sanitization process, such as specifying which tags are allowed.

import DOMPurify from 'dompurify';
const cleanHTML = DOMPurify.sanitize(dirtyHTML, { ALLOWED_TAGS: ['a', 'p'] });

Hooking into DOMPurify

This feature allows you to add hooks to DOMPurify's sanitization process, enabling you to manipulate nodes or their attributes after sanitization.

import DOMPurify from 'dompurify';
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
  // manipulate node attributes after sanitization
});

Other packages similar to @types/dompurify

sanitize-html

sanitize-html is an HTML sanitizer that is similar to DOMPurify. It also removes unwanted HTML and protects from XSS attacks but is not limited to the DOM and can be used on the server-side with Node.js.

xss

xss is another package that provides protection against XSS attacks. It includes a range of options for filtering and customizing the sanitization process, similar to DOMPurify, but it has a different API and may have different default settings.

README

This is a stub types definition for @types/dompurify (https://github.com/cure53/DOMPurify).

dompurify provides its own type definitions, so you don't need @types/dompurify installed!