sanitize-html - npm Package Compare versions

Comparing version 1.11.1 to 1.11.2

package.json

 {
   "name": "sanitize-html",
-  "version": "1.11.1",
+  "version": "1.11.2",
   "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",
@@ -5,0 +5,0 @@ "main": "index.js",

README.md

@@ -25,18 +25,28 @@ # sanitize-html
 
-    npm install sanitize-html
+Install module from console:
 
-    var sanitizeHtml = require('sanitize-html');
+```bash
+npm install sanitize-html
+```
 
-    var dirty = 'some really tacky HTML';
-    var clean = sanitizeHtml(dirty);
+Use it in your node app:
 
+```js
+var sanitizeHtml = require('sanitize-html');
+
+var dirty = 'some really tacky HTML';
+var clean = sanitizeHtml(dirty);
+```
+
 That will allow our default list of allowed tags and attributes through. It's a nice set, but probably not quite what you want. So:
 
-    // Allow only a super restricted set of tags and attributes
-    clean = sanitizeHtml(dirty, {
-      allowedTags: [ 'b', 'i', 'em', 'strong', 'a' ],
-      allowedAttributes: {
-        'a': [ 'href' ]
-      }
-    });
+```js
+// Allow only a super restricted set of tags and attributes
+clean = sanitizeHtml(dirty, {
+  allowedTags: [ 'b', 'i', 'em', 'strong', 'a' ],
+  allowedAttributes: {
+    'a': [ 'href' ]
+  }
+});
+```
 
@@ -47,5 +57,7 @@ Boom!
 
-    clean = sanitizeHtml(dirty, {
-      allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ])
-    });
+```js
+clean = sanitizeHtml(dirty, {
+  allowedTags: sanitizeHtml.defaults.allowedTags.concat([ 'img' ])
+});
+```
 
@@ -56,16 +68,18 @@ If you do not specify `allowedTags` or `allowedAttributes` our default list is applied. So if you really want an empty list, specify one.
 
-    allowedTags: [ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
-      'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
-      'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre' ],
-    allowedAttributes: {
-      a: [ 'href', 'name', 'target' ],
-      // We don't currently allow img itself by default, but this
-      // would make sense if we did
-      img: [ 'src' ]
-    },
-    // Lots of these won't come up by default because we don't allow them
-    selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
-    // URL schemes we permit
-    allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
-    allowedSchemesByTag: {}
+```js
+allowedTags: [ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
+  'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
+  'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre' ],
+allowedAttributes: {
+  a: [ 'href', 'name', 'target' ],
+  // We don't currently allow img itself by default, but this
+  // would make sense if we did
+  img: [ 'src' ]
+},
+// Lots of these won't come up by default because we don't allow them
+selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
+// URL schemes we permit
+allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
+allowedSchemesByTag: {}
+```
 
@@ -77,4 +91,6 @@ #### "What if I want to allow all tags or all attributes?"
 
-    allowedTags: false,
-    allowedAttributes: false
+```js
+allowedTags: false,
+allowedAttributes: false
+```
 
@@ -85,4 +101,6 @@ #### "What if I don't want to allow *any* tags?"
 
-    allowedTags: [],
-    allowedAttributes: []
+```js
+allowedTags: [],
+allowedAttributes: []
+```
 
@@ -113,6 +131,6 @@ ### Wildcards for attributes
 clean = sanitizeHtml(dirty, {
-    allowedTags: ['a'],
-    parser: {
-        lowerCaseTags: true
-    }
+  allowedTags: ['a'],
+  parser: {
+    lowerCaseTags: true
+  }
 });
@@ -128,24 +146,28 @@ ```
 
-    clean = sanitizeHtml(dirty, {
-      transformTags: {
-        'ol': 'ul',
-      }
-    });
+```js
+clean = sanitizeHtml(dirty, {
+  transformTags: {
+    'ol': 'ul',
+  }
+});
+```
 
 The most advanced usage:
 
-    clean = sanitizeHtml(dirty, {
-      transformTags: {
-        'ol': function(tagName, attribs) {
-            // My own custom magic goes here
+```js
+clean = sanitizeHtml(dirty, {
+  transformTags: {
+    'ol': function(tagName, attribs) {
+        // My own custom magic goes here
 
-            return {
-                tagName: 'ul',
-                attribs: {
-                    class: 'foo'
-                }
-            };
-        }
-      }
-    });
+        return {
+            tagName: 'ul',
+            attribs: {
+                class: 'foo'
+            }
+        };
+    }
+  }
+});
+```
 
@@ -156,11 +178,15 @@ You can specify the `*` wildcard instead of a tag name to transform all tags.
 
-    clean = sanitizeHtml(dirty, {
-      transformTags: {
-        'ol': sanitizeHtml.simpleTransform('ul', {class: 'foo'}),
-      }
-    });
+```js
+clean = sanitizeHtml(dirty, {
+  transformTags: {
+    'ol': sanitizeHtml.simpleTransform('ul', {class: 'foo'}),
+  }
+});
+```
 
 The `simpleTransform` helper method has 3 parameters:
 
-    simpleTransform(newTag, newAttributes, shouldMerge)
+```js
+simpleTransform(newTag, newAttributes, shouldMerge)
+```
 
@@ -181,8 +207,8 @@ The last parameter (`shouldMerge`) is set to `true` by default. When `true`, `simpleTransform` will merge the current attributes with the new ones (`newAttributes`). When `false`, all existing attributes are discarded.
 sanitizeHtml(
-    '<p>This is <a href="http://www.linux.org"></a><br/>Linux</p>',
-    {
-        exclusiveFilter: function(frame) {
-            return frame.tag === 'a' && !frame.text.trim();
-        }
+  '<p>This is <a href="http://www.linux.org"></a><br/>Linux</p>',
+  {
+    exclusiveFilter: function(frame) {
+        return frame.tag === 'a' && !frame.text.trim();
     }
+  }
 );
@@ -208,8 +234,8 @@ ```
 sanitizeHtml(
-    '<p>some text...</p>',
-    {
-        textFilter: function(text) {
-            return text.replace(/\.\.\./, '&hellip;');
-        }
+  '<p>some text...</p>',
+  {
+    textFilter: function(text) {
+      return text.replace(/\.\.\./, '&hellip;');
     }
+  }
 );
@@ -240,3 +266,5 @@ ```
 
+```js
 [ 'http', 'https', 'ftp', 'mailto' ]
+```
 
@@ -259,6 +287,6 @@ You can override this if you want to:
 ```javascript
-  allowedSchemes: [ 'http', 'https' ],
-  allowedSchemesByTag: {
-    img: [ 'data' ]
-  }
+allowedSchemes: [ 'http', 'https' ],
+allowedSchemesByTag: {
+  img: [ 'data' ]
+}
 ```
@@ -277,3 +305,3 @@
 ```javascript
-  nonTextTags: [ 'style', 'script', 'textarea', 'noscript' ]
+nonTextTags: [ 'style', 'script', 'textarea', 'noscript' ]
 ```
@@ -285,2 +313,4 @@
 
+1.11.2: fixed README typo that interfered with readability due to markdown issues. No code changes. Thanks to Mikael Korpela. Also improved code block highlighting in README. Thanks to Alex Siman.
+
 1.11.1: fixed a regression introduced in 1.11.0 which caused the closing tag of the parent of a `textarea` tag to be lost. Thanks to Stefano Sala, who contributed the missing test.
@@ -294,3 +324,3 @@
 
-1.9.0: `parser` option allows options to be passed directly to `htmlparser2. Thanks to Danny Scott.
+1.9.0: `parser` option allows options to be passed directly to `htmlparser`. Thanks to Danny Scott.
 
@@ -382,1 +412,3 @@ 1.8.0:
 <a href="http://punkave.com/"><img src="https://raw.github.com/punkave/sanitize-html/master/logos/logo-box-builtby.png" /></a>
+
+

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

51835

increased by0.19%

Number of lines in readme file

399

increased by8.72%

No dependency changes