Comparing version 0.1.4 to 0.2.0
@@ -7,2 +7,4 @@ /* | ||
var fs = require('fs'); | ||
var bleach = { | ||
@@ -42,2 +44,3 @@ | ||
}; | ||
if (!attr.value) delete attr.value; | ||
if (attr.name) attrs.push(attr); | ||
@@ -59,2 +62,3 @@ }); | ||
sanitize: function(html, options) { | ||
html = String(html) || ''; | ||
options = options || {}; | ||
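Review bot: The `|| ''` fallback in `html = String(html) || '';` never fires for missing input, because `String(undefined)` is `'undefined'` and `String({})` is `'[object Object]'`, both truthy. `sanitize` therefore goes on to process that literal text instead of an empty string, and the same line opens `filter` further down in this file. If the intent is "blank on missing input", as the updated test names suggest, the coercion should test for null first: `html = (html == null) ? '' : String(html);`. Whether objects and arrays should also collapse to `''` is a separate decision that deserves a comment, since a sanitizer that quietly stringifies arbitrary values can hide caller bugs.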
@@ -84,28 +88,36 @@ | ||
youtube: function(html) { | ||
if (!html) throw Error('You must pass in HTML as an argument.'); | ||
if (typeof html != 'string') throw Error('HTML must be a string.'); | ||
filter: function(html, filters) { | ||
html = String(html) || ''; | ||
var match, | ||
matches = [], | ||
regex = /<object(.*)src="(http:\/\/www.youtube.com)?\/(v\/([-|~_0-9A-Za-z]+)|watch\?v\=([-|~_0-9A-Za-z]+)&?.*?).*<\/object>/gi; | ||
if (!filters) return; | ||
while (match = regex.exec(html)) { | ||
matches.push(match); | ||
} delete match; | ||
var available = fs.readdirSync(__dirname + '/../filters'); | ||
matches.forEach(function(match){ | ||
var full = match[0], | ||
id = match[4]; | ||
if (Array.isArray(filters)) { | ||
for (var i in filters) { | ||
if (typeof filters[i] == 'function') { | ||
html = filters[i](html); | ||
} else { | ||
var file = filters[i] + '.js'; | ||
for (var j in available) { | ||
if (file == available[j]) { | ||
html = require('../filters/' + file)(html); | ||
} | ||
} | ||
} | ||
} | ||
return html; | ||
} else if (typeof filters == 'string') { | ||
var file = filters + '.js'; | ||
for (var i in available) { | ||
if (file == available[i]) { | ||
html = require('../filters/' + file)(html); | ||
return html; | ||
} | ||
} | ||
} else if (typeof filters == 'function') { | ||
html = filters(html); | ||
return html; | ||
} else return html; | ||
var rep = '<iframe type="text/html" ' | ||
+ 'frameborder="0" ' | ||
+ 'scrolling="no" ' | ||
+ 'allowfullscreen ' | ||
+ 'src="http://youtube.com/embed/' + id + '"></iframe>'; | ||
html = html.replace(full, rep); | ||
}); | ||
return html; | ||
} | ||
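Review bot: A filter name that matches no entry in the filters directory is skipped silently in both the array branch and the string branch of `filter`, so a misspelled name returns HTML that was never filtered. For a sanitizing library that is a fail-open path; an unmatched name should raise, for example `throw Error('Unknown filter: ' + file);` after the lookup loop. `if (!filters) return;` also returns `undefined` rather than the input, where `if (!filters) return html;` would keep the return type a string. The equality check against `fs.readdirSync(__dirname + '/../filters')` is the only thing restricting `require('../filters/' + file)` to that directory, so it deserves a comment saying so. The listing is also re-read synchronously on every call and could be cached once at module load.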
@@ -112,0 +124,0 @@ |
@@ -5,3 +5,3 @@ { | ||
"description": "A minimalistic HTML sanitizer", | ||
"version": "0.1.4", | ||
"version": "0.2.0", | ||
"homepage": "https://github.com/ecto/bleach/issues", | ||
@@ -8,0 +8,0 @@ "repository": { |
@@ -84,10 +84,54 @@ # bleach | ||
### bleach.youtube(html) | ||
### bleach.filter(html, filters) | ||
Convert valid YouTube flash embeds into HTML5-compliant iframe embeds. | ||
SEXY FUN TIME | ||
````javascript | ||
var html = bleach.youtube(html); | ||
var nyanFilter = function(input){ | ||
return input.replace('cats', 'nyannyannyan'); | ||
} | ||
console.log( | ||
bleach.filter('cats', nyanFilter) | ||
); | ||
// nyannyannyan | ||
```` | ||
````javascript | ||
var cutFilter = function(input){ | ||
return input.slice(0, 3); | ||
} | ||
console.log( | ||
bleach.filter('cats', [ | ||
nyanFilter, | ||
cutFilter | ||
]) | ||
); | ||
// nyan | ||
```` | ||
You may also define longer filters and include them in the ./node_modules/bleach/filters directory. | ||
A sample filter is included to convert YouTube flash embed objects to iDevice-compatible YouTube iframes. | ||
````javascript | ||
var html = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="420" height="315" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><param name="src" value="http://www.youtube.com/v/aU079Mdkenw?version=3&hl=en_US"><param name="allowfullscreen" value="true"><embed type="application/x-shockwave-flash" width="420" height="315" src="http://www.youtube.com/v/aU079Mdkenw?version=3&hl=en_US" allowscriptaccess="always" allowfullscreen="true" id="s_media_1_0" name="s_media_1_0"></object>'; | ||
console.log( | ||
bleach.filter(html, 'youtube') | ||
); | ||
// <iframe type="text/html" frameborder="0" scrolling="no" allowfullscreen src="http://youtube.com/embed/aU079Mdkenw"></iframe> | ||
```` | ||
Refer to the filters directory for the template. | ||
## license | ||
@@ -94,0 +138,0 @@ |
@@ -12,12 +12,7 @@ var vows = require('vows'), | ||
}, | ||
'requires input': function(analyze) { | ||
assert.throws(function(){ | ||
analyze(); | ||
}, Error); | ||
'returns blank array on invalid or missing input': function(analyze) { | ||
assert.deepEqual(analyze({}), []); | ||
assert.deepEqual(analyze([]), []); | ||
assert.deepEqual(analyze(''), []); | ||
}, | ||
'only accepts strings as HTML input': function(analyze) { | ||
assert.throws(function(){ | ||
analyze(Object); | ||
}, Error); | ||
}, | ||
'finds self-closing tags': function(analyze){ | ||
@@ -39,7 +34,2 @@ assert.ok(analyze('<input type="text" />').length > 0); | ||
}, | ||
'requires html to be passed in': function(sanitize){ | ||
assert.throws(function(){ | ||
sanitize(); | ||
}, Error); | ||
}, | ||
'does not require options to be passed in': function(sanitize){ | ||
@@ -53,6 +43,6 @@ assert.doesNotThrow(function(){ | ||
}, | ||
'only accepts strings as HTML input': function(sanitize) { | ||
assert.throws(function(){ | ||
sanitize(Object); | ||
}, Error); | ||
'returns blank string on invalid or missing input': function(analyze) { | ||
assert.isString(analyze({})); | ||
assert.isString(analyze([])); | ||
assert.isString(analyze('')); | ||
}, | ||
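Review bot: The test titled 'returns blank string on invalid or missing input' asserts only `assert.isString(...)`, so it still passes when the function returns text derived from `'[object Object]'` rather than a blank string. Asserting the value would pin the behaviour the title promises, e.g. `assert.equal(sanitize(''), '');`, plus a case for a call with no argument. The callback parameter is named `analyze` although the surrounding hunks suggest this topic is `bleach.sanitize`; renaming it would avoid confusion. This case sits inside a larger vows batch that continues outside the hunk.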
@@ -82,30 +72,47 @@ 'whitelist is respected': function(sanitize){ | ||
'bleach.youtube(html)': { | ||
topic: function(){ return bleach.youtube; }, | ||
'is a function': function(sanitize) { | ||
assert.equal(typeof sanitize, 'function'); | ||
'bleach.filter(html)': { | ||
topic: function(){ return bleach.filter; }, | ||
'is a function': function(filter) { | ||
assert.equal(typeof filter, 'function'); | ||
}, | ||
'requires html to be passed in': function(youtube){ | ||
assert.throws(function(){ | ||
youtube(); | ||
'allows array or string to be passed in': function(filter){ | ||
assert.doesNotThrow(function(){ | ||
filter([]); | ||
filter(''); | ||
}, Error); | ||
}, | ||
'returns a string': function(youtube) { | ||
assert.isString(youtube(' ')); | ||
'returns a string': function(filter) { | ||
assert.isString(filter(' ', 'youtube')); | ||
}, | ||
'only accepts strings as HTML input': function(youtube) { | ||
assert.throws(function(){ | ||
youtube(Object); | ||
}, Error); | ||
'allow function to be passed in': function(filter){ | ||
var nyanFilter = function(html){ | ||
return 'nyan'; | ||
} | ||
assert.equal(filter('nyannyannyan', nyanFilter), 'nyan'); | ||
}, | ||
'converts a youtube flash object to an iframe': function(youtube){ | ||
'allow array of functions to be passed in': function(filter){ | ||
var filters = [ | ||
function(html){ | ||
return 'nyan'; | ||
}, | ||
function(html){ | ||
return html + html; | ||
} | ||
]; | ||
assert.equal(filter('nyannyannyan', filters), 'nyannyan'); | ||
}, | ||
}, | ||
'included youtube filter': { | ||
topic: function(){ return bleach.filter; }, | ||
'converts a youtube flash object to an iframe': function(filter){ | ||
var input = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="420" height="315" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><param name="src" value="http://www.youtube.com/v/aU079Mdkenw?version=3&hl=en_US"><param name="allowfullscreen" value="true"><embed type="application/x-shockwave-flash" width="420" height="315" src="http://www.youtube.com/v/aU079Mdkenw?version=3&hl=en_US" allowscriptaccess="always" allowfullscreen="true" id="s_media_1_0" name="s_media_1_0"></object>', | ||
output = '<iframe type="text/html" frameborder="0" scrolling="no" allowfullscreen src="http://youtube.com/embed/aU079Mdkenw"></iframe>'; | ||
assert.equal(youtube(input), output); | ||
assert.equal(filter(input, 'youtube'), output); | ||
}, | ||
'ignores non-youtube flash objects': function(youtube){ | ||
'ignores non-youtube flash objects': function(filter){ | ||
var input = '<object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="420" height="315" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,40,0"><param name="allowFullScreen" value="true"><param name="allowscriptaccess" value="always"><param name="src" value="http://www.youtube.com/v/aU079Mdkenw?version=3&hl=en_US"><param name="allowfullscreen" value="true"><embed type="application/x-shockwave-flash" width="420" height="315" src="http://google.com/asdf" allowscriptaccess="always" allowfullscreen="true" id="s_media_1_0" name="s_media_1_0"></object>'; | ||
assert.equal(youtube(input), input); | ||
assert.equal(filter(input, 'youtube'), input); | ||
}, | ||
@@ -112,0 +119,0 @@ } |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Dynamic require
Supply chain risk: Dynamic require can indicate that the package is performing dangerous or unsafe dynamic code execution.
Found 1 instance in 1 package
Filesystem access
Supply chain risk: The package accesses the file system and could potentially read sensitive data.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package