sanitize-html - npm Package Compare versions

Comparing version 1.1.3 to 1.1.4

index.js

@@ -46,2 +46,3 @@ var htmlparser = require('htmlparser2');
   var depth = 0;
+  var stack = [];
   var skipMap = {};
@@ -52,2 +53,9 @@ var transformMap = {};
     onopentag: function(name, attribs) {
+      stack.push({
+          tag: name,
+          attribs: attribs,
+          text: '',
+          tagPosition: result.length
+      });
+
       var skip = false;
@@ -104,2 +112,6 @@ if (_.has(transformTagsMap, name)) {
       }
+      if (depth) {
+          var frame = stack[depth - 1];
+          frame.text += text;
+      }
       // It is NOT actually raw text, entities are already escaped.
@@ -110,2 +122,3 @@ // If we call escapeHtml here we wind up double-escaping.
     onclosetag: function(name) {
+      var frame = stack.pop();
       skipText = false;
@@ -125,2 +138,6 @@ depth--;
       }
+      if (options.exclusiveFilter && options.exclusiveFilter(frame)) {
+         result = result.substr(0, frame.tagPosition);
+         return;
+      }
       result += "</" + name + ">";
@@ -127,0 +144,0 @@ }

package.json

 {
   "name": "sanitize-html",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

@@ -113,3 +113,21 @@ # sanitize-html
 
+### Filters
+
+You can provide a filter function to remove unwanted tags. Let's suppose we need to remove empty `a` tags like 
+```html
+<a href="page/html"></a>
+```
+```javascript
+sanitizeHtml(
+    '<p>This is <a href="http://www.linux.org"></a><br/>Linux</p>',
+    {
+        exclusiveFilter: function(frame) {
+            return frame.tag === 'a' && !frame.text.trim();
+        }
+    }
+);
+```
+
 ## Changelog
+1.1.4: custom exclusion filter.
 
@@ -116,0 +134,0 @@ 1.1.3: moved to lodash. 1.1.2 pointed to the wrong version of lodash.

test/test.js

@@ -86,3 +86,14 @@ var assert = require("assert");
   });
+  it('should skip empty a', function() {
+        assert.equal(
+            sanitizeHtml('<p>This is <a href="http://www.linux.org"></a><br/>Linux</p>',
+            {
+                exclusiveFilter : function(frame) {
+                    return frame.tag === 'a' && !frame.text.trim();
+                }
+            }),
+            '<p>This is <br />Linux</p>'
+        );
+  });
 });
 

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

25544

increased by5.08%

Lines of code

293

increased by10.15%

Number of lines in readme file

165

increased by12.24%

No dependency changes