
sanitize-html - npm Package Compare versions

Comparing version 1.20.1 to 1.21.0

dist/sanitize-html-es2015.js

2

CHANGELOG.md
## Changelog
1.21.0: new `disallowedTagsMode` option can be set to `escape` to escape disallowed tags rather than discarding them. Any subtags are handled as usual. If you want to recursively escape them too, you can set `disallowedTagsMode` to `recursiveEscape`. Thanks to Yehonatan Zecharia for this contribution.
1.20.1: Fix failing tests, add CircleCI config

@@ -4,0 +6,0 @@

14

package.json
{
"name": "sanitize-html",
"version": "1.20.1",
"version": "1.21.0",
"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",

@@ -10,6 +10,5 @@ "main": "dist/index.js",

"scripts": {
"prepare": "true",
"build": "make clean && make all && npm run prepare && browserify dist/index.js > dist/sanitize-html.js --standalone 'sanitizeHtml'",
"build": "mkdir -p dist && browserify src/index.js > dist/sanitize-html-es2015.js --standalone 'sanitizeHtml' && babel dist/sanitize-html-es2015.js --out-file dist/sanitize-html.js --presets=@babel/preset-env",
"minify": "npm run build && uglifyjs dist/sanitize-html.js > dist/sanitize-html.min.js",
"prepublishOnly": "make clean && npm run minify",
"prepublishOnly": "npm run minify",
"test": "npm run prepublishOnly && mocha test/test.js"
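Review bot: `prepublishOnly` no longer runs `make clean`, and the new `build` only does `mkdir -p dist` before writing, so files left in `dist/` by an earlier build can end up in the published tarball. The hunk header context also shows `"main": "dist/index.js"`, while the new `build` reads `src/index.js` and writes only `dist/sanitize-html-es2015.js` and `dist/sanitize-html.js`; confirm `main` points at a file this script actually produces. Suggest clearing `dist` at the start of `build` and checking that the `main` target exists before publish.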

@@ -44,9 +43,10 @@ },

"devDependencies": {
"babel-cli": "^6.26.0",
"babel-preset-env": "^1.7.0",
"babelify": "^10.0.0",
"browserify": "^16.2.3",
"mocha": "^5.2.0",
"uglify-js": "^3.4.9"
"uglify-js": "^3.4.9",
"@babel/cli": "^7.6.0",
"@babel/core": "^7.6.0",
"@babel/preset-env": "^7.6.0"
}
}
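Review bot: `babelify` appears to stay in `devDependencies` although the `build` script now runs `babel` as a separate step after `browserify`; if no browserify transform configuration still references it, drop it together with `babel-cli` and `babel-preset-env`. Because the `dist/` bundles that consumers load are generated by these tools, the `^7.6.0` ranges on `@babel/cli`, `@babel/core` and `@babel/preset-env` are worth backing with a committed lockfile so release builds are reproducible.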

@@ -112,2 +112,3 @@ # sanitize-html

'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'iframe' ],
disallowedTagsMode: 'discard',
allowedAttributes: {

@@ -148,2 +149,10 @@ a: [ 'href', 'name', 'target' ],

### "What if I want disallowed tags to be escaped rather than discarded?"
If you set `disallowedTagsMode` to `discard` (the default), disallowed tags are discarded. Any text content or subtags is still included, depending on whether the individual subtags are allowed.
If you set `disallowedTagsMode` to `escape`, the disallowed tags are escaped rather than discarded. Any text or subtags is handled normally.
If you set `disallowedTagsMode` to `recursiveEscape`, the disallowed tags are escaped rather than discarded, and the same treatment is applied to all subtags, whether otherwise allowed or not.
### "What if I want to allow only specific values on some attributes?"
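Review bot: the `escape` paragraph should state outright that allowed subtags inside an escaped tag are still emitted as live markup. "Handled normally" is easy to read past, and someone choosing `escape` to show untrusted input as text may assume the whole subtree becomes inert. A sentence pointing to `recursiveEscape` for that case would help. Also, "Any text content or subtags is" and "Any text or subtags is" should read "are".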

@@ -427,3 +436,3 @@

// Match HEX and RGB
'color': [/^\#(0x)?[0-9a-f]+$/i, /^rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)$/],
'color': [/^#(0x)?[0-9a-f]+$/i, /^rgb\(\s*(\d{1,3})\s*,\s*(\d{1,3})\s*,\s*(\d{1,3})\s*\)$/],
'text-align': [/^left$/, /^right$/, /^center$/],
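Review bot: the hex pattern on the changed `'color'` line, `/^#(0x)?[0-9a-f]+$/i`, accepts an optional `0x` and any number of hex digits, neither of which is a CSS hex color, and removing the redundant `\#` escape leaves that behaviour unchanged. Since this README example gets copied into real configurations, consider tightening it while the line is open, for example `/^#[0-9a-f]{3}([0-9a-f]{3})?$/i`. The `rgb()` pattern likewise admits components up to 999.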

@@ -494,2 +503,14 @@ // Match any number with px, em, or %

### Choose what to do with disallowed tags
Instead of discarding, or keeping text only, you may enable escaping of the entire content:
```javascript
disallowedTagsMode: 'escape'
```
This will transform `<disallowed>content</disallowed>` to `&lt;disallowed&gt;content&lt;/disallowed&gt;`
Valid values are: `'discard'` (default), `'escape'` (escape the tag) and `'recursiveEscape'` (to escape the tag and all its content).
## About P'unk Avenue and Apostrophe
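Review bot: the intro sentence says `escape` enables "escaping of the entire content", but the value list two lines below and the FAQ entry added earlier in this diff both say `escape` escapes only the tag, with `recursiveEscape` being the mode that covers all its content. Reword the intro to match, and use a sample with a nested allowed tag, because `<disallowed>content</disallowed>` comes out the same under both modes and does not show the difference.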

@@ -496,0 +517,0 @@

Sorry, the diff of this file is too big to display

Sorry, the diff of this file is too big to display
