cockblock
Advanced tools
Readme
Simple whitelist-based html sanitizer inspired by the SanitizationFilter
in GitHub's html-pipeline library.
Works in node (through cheerio) and in the browser (through jquery), and weighs in ~ 2kb minimized.
var cockblock = require("cockblock");
cockblock(html[, options]); // Returns sanitized html
cockblock.url(url[, options]); // Returns sanitized url
In the browser, just include jquery and cockblock.js:
<script src="path/to/jquery.js" type="text/javascript"></script>
<script src="path/to/cockblock.js" type="text/javascript"></script>
The library comes with a sensible set of defaults. You can override them
through cockblock.defaults or simply pass the options inline.
// Simplified example that only permits <a>, <em> and <strong> elements.
// Titles are permitted on all elements and links can also include href.
// Only absolute http(s) links are permitted.
cockblock.defaults = {
elements: ["a", "em", "strong"],
attributes: {
"a": ["href"],
"all": ["title"]
},
protocols: /^(http|https)/i
};
See lib/cockblock.js for the default set of allowed elements, attributes, and supported protocols.
Want to contribute? Great! Open an issue if you've found a bug, and pull requests are always welcome.
git clone https://github.com/kumu/cockblock && cd cockblock
npm install -g mocha
npm install
make test # run tests within console / cheerio
make test-browser # run tests within browser / jquery
FAQs
Keep your pants on, xss
The npm package cockblock receives a total of 1 weekly downloads. As such, cockblock popularity was classified as not popular.
We found that cockblock demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.