What is @types/sanitize-html?
@types/sanitize-html provides TypeScript type definitions for the sanitize-html library, which is used to sanitize HTML input by removing potentially dangerous elements and attributes.
What are @types/sanitize-html's main functionalities?
Basic HTML Sanitization
This feature allows you to sanitize a string of HTML by removing any potentially dangerous elements like <script> tags.
const sanitizeHtml = require('sanitize-html');
const dirty = '<script>alert("xss")</script><div>Safe content</div>';
const clean = sanitizeHtml(dirty);
console.log(clean); // Output: <div>Safe content</div>
Customizing Allowed Tags and Attributes
This feature allows you to specify which HTML tags and attributes are allowed in the sanitized output.
const sanitizeHtml = require('sanitize-html');
const dirty = '<a href="http://example.com" onclick="stealCookies()">Click me</a>';
const clean = sanitizeHtml(dirty, {
allowedTags: [ 'a' ],
allowedAttributes: {
'a': [ 'href' ]
}
});
console.log(clean); // Output: <a href="http://example.com">Click me</a>
Transforming Tags
This feature allows you to transform specific tags in the HTML input, such as changing the src attribute of img tags.
const sanitizeHtml = require('sanitize-html');
const dirty = '<img src="http://example.com/image.jpg" />';
const clean = sanitizeHtml(dirty, {
transformTags: {
'img': sanitizeHtml.simpleTransform('img', { 'src': 'https://example.com/placeholder.jpg' })
}
});
console.log(clean); // Output: <img src="https://example.com/placeholder.jpg">
Other packages similar to @types/sanitize-html
dompurify
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. It is similar to sanitize-html but focuses on being very fast and tolerant of different input types.
xss
xss is a module used to filter input from users to prevent XSS attacks. It is similar to sanitize-html but offers more configuration options and a different API for defining allowed tags and attributes.
html-sanitizer
html-sanitizer is a lightweight HTML sanitizer that removes potentially dangerous elements and attributes. It is similar to sanitize-html but is designed to be simpler and more lightweight.
Installation
npm install --save @types/sanitize-html
Summary
This package contains type definitions for sanitize-html (https://github.com/punkave/sanitize-html).
Details
Files were exported from https://github.com/DefinitelyTyped/DefinitelyTyped/tree/master/types/sanitize-html.
Additional Details
- Last updated: Mon, 25 Sep 2023 13:39:06 GMT
- Dependencies: @types/htmlparser2
- Global values: none
Credits
These definitions were written by Rogier Schouten, Afshin Darian, Rinze de Laat, Johan Davidsson, Jianrong Yu, GP, Dariusz Syncerek, Piotr Błażejewicz, Pirasis Leelatanon, and Alex Rantos.