Socket
Socket
Sign inDemoInstall

ember-purify

Package Overview
Dependencies
5
Maintainers
1
Versions
15
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

ember-purify

Ember addon to help purify DOM content


Version published
Maintainers
1
Weekly downloads
141
increased by50%

Weekly downloads

Readme

Source

Ember-purify

Travis CI Build Status Ember Observer Score

When you need to render user provided HTML content but don't want to trust the user content with Ember's Ember.String.htmlSafe or {{{ }}}. Uses DOMPurify to sanitize HTML & SVG. I strongly recommend you watch the video linked under the inspiration section. See XSS in action in Ember in this twiddle.

You can also run ember serve to see the above mentioned approaches along with the purify-dom helper. Inspect the DOM on all three broken images to see the difference.

Installation

ember install ember-purify

Usage

For templates,

{{purify-dom '<img src="missing-image.png" onerror=alert(1)//>'}}

will render

<img src="missing-image.png">

To use it in js,

import { sanitize } from 'dompurify';

Note that global config isn't applied to the functions imported in JS.

Details on DOMPurify, the underlying library can be found in its README

Configuration

To configure the purify helper globally in your app's config/environment.js,

ENV.APP.purify = {
  // Refer to various config options in DOMPurify's README
};

In addition to the global configuration you can also pass the config to the helper which can either be merged to the global config(by default) or replaced(by passing overrideConfig=true)

{{purify-dom "<img src='google.com' data-something='dangerous'>" config=(hash ALLOW_DATA_ATTR=false) overrideConfig=true}}

Inspiration

Securing your EmberJS Application talk By Philippe De Ryck.

Installation

  • git clone <repository-url> this repository
  • cd ember-purify
  • npm install or yarn

Running

Running Tests

  • npm test (Runs ember try:each to test your addon against multiple Ember versions)
  • ember test
  • ember test --server

Building

  • ember build

For more information on using ember-cli, visit http://ember-cli.com/.

Keywords

FAQs

Last updated on 04 Mar 2020

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc