sanitize-html
Advanced tools
sanitize-html - npm Package Compare versions
Comparing version 0.1.4 to 1.0.0
13
index.js
@@ -13,2 +13,9 @@ var htmlparser = require('htmlparser2'); | ||
| } | ||
| // Tags that contain something other than HTML. If we are not allowing | ||
| // these tags, we should drop their content too. For other tags you would | ||
| // drop the tag but keep its content. | ||
| var nonTextTagsMap = { | ||
| script: true, | ||
| style: true | ||
| }; | ||
| var allowedTagsMap = {}; | ||
@@ -34,8 +41,8 @@ _.each(options.allowedTags, function(tag) { | ||
| onopentag: function(name, attribs) { | ||
| if (name === 'script') { | ||
| skipText = true; | ||
| } | ||
| var skip = false; | ||
| if (!_.has(allowedTagsMap, name)) { | ||
| skip = true; | ||
| if (_.has(nonTextTagsMap, name)) { | ||
| skipText = true; | ||
| } | ||
| skipMap[depth] = true; | ||
@@ -42,0 +49,0 @@ } |
| { | ||
| "name": "sanitize-html", | ||
| "version": "0.1.4", | ||
| "version": "1.0.0", | ||
| "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis", | ||
@@ -27,2 +27,2 @@ "main": "index.js", | ||
| } | ||
| } | ||
| } |
@@ -11,3 +11,3 @@ # sanitize-html | ||
| If a tag is not permitted, the contents of the tag are still kept, except for script tags. | ||
| If a tag is not permitted, the contents of the tag are still kept, except for script and style tags. | ||
@@ -73,2 +73,6 @@ The syntax of poorly closed `p` and `img` elements is cleaned up. | ||
| 1.0.0: If the style tag is disallowed, then its content should be dumped, so that it doesn't appear as text. We were already doing this for script tags, however in both cases the content is now preserved if the tag is explicitly allowed. | ||
| We're rocking our tests and have been working great in production for months, so: declared 1.0.0 stable. | ||
| 0.1.3: do not double-escape entities in attributes or text. Turns out the "text" provided by htmlparser2 is already escaped. | ||
@@ -75,0 +79,0 @@ |
@@ -37,2 +37,5 @@ var assert = require("assert"); | ||
| }); | ||
| it('should drop the content of style elements', function() { | ||
| assert.equal(sanitizeHtml('<style>.foo { color: blue; }</style><p>Paragraph</p>'), '<p>Paragraph</p>'); | ||
| }); | ||
| it('should preserve entities as such', function() { | ||
@@ -39,0 +42,0 @@ assert.equal(sanitizeHtml('<a name="<silly>"><Kapow!></a>'), '<a name="<silly>"><Kapow!></a>'); |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.77%
17605
- Lines of code
- increased by5.92%
179
- Number of low quality alerts
- decreased by-50%
1
- Number of lines in readme file
- increased by4.44%
94