
sanitize-html - npm Package Compare versions

Comparing version 1.3.0 to 1.4.1

40

index.js

@@ -37,6 +37,9 @@ var htmlparser = require('htmlparser2');

};
var allowedTagsMap = {};
_.each(options.allowedTags, function(tag) {
allowedTagsMap[tag] = true;
});
var allowedTagsMap;
if(options.allowedTags) {
allowedTagsMap = {};
_.each(options.allowedTags, function(tag) {
allowedTagsMap[tag] = true;
});
}
var selfClosingMap = {};

@@ -46,16 +49,21 @@ _.each(options.selfClosing, function(tag) {

});
var allowedAttributesMap = {};
_.each(options.allowedAttributes, function(attributes, tag) {
allowedAttributesMap[tag] = {};
_.each(attributes, function(name) {
allowedAttributesMap[tag][name] = true;
var allowedAttributesMap;
if(options.allowedAttributes) {
allowedAttributesMap = {};
_.each(options.allowedAttributes, function(attributes, tag) {
allowedAttributesMap[tag] = {};
_.each(attributes, function(name) {
allowedAttributesMap[tag][name] = true;
});
});
});
}
var allowedClassesMap = {};
_.each(options.allowedClasses, function(classes, tag) {
// Implicitly allows the class attribute
if (!allowedAttributesMap[tag]) {
allowedAttributesMap[tag] = {};
if(allowedAttributesMap) {
if (!allowedAttributesMap[tag]) {
allowedAttributesMap[tag] = {};
}
allowedAttributesMap[tag]['class'] = true;
}
allowedAttributesMap[tag]['class'] = true;

@@ -98,3 +106,3 @@ allowedClassesMap[tag] = {};

if (!_.has(allowedTagsMap, name)) {
if (allowedTagsMap && !_.has(allowedTagsMap, name)) {
skip = true;

@@ -112,5 +120,5 @@ if (_.has(nonTextTagsMap, name)) {

result += '<' + name;
if (_.has(allowedAttributesMap, name)) {
if (!allowedAttributesMap || _.has(allowedAttributesMap, name)) {
_.each(attribs, function(value, a) {
if (_.has(allowedAttributesMap[name], a)) {
if (!allowedAttributesMap || _.has(allowedAttributesMap[name], a)) {
if ((a === 'href') || (a === 'src')) {

@@ -117,0 +125,0 @@ if (naughtyHref(value)) {
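Review bot: The new guards `if(options.allowedTags) {` and `if(options.allowedAttributes) {` in the hunks at @@ -37 and @@ -46 fail open: any falsy value, not only the documented `false`, leaves the map undefined, and the later checks `allowedTagsMap && !_.has(...)` and `!allowedAttributesMap || _.has(...)` then accept every tag and every attribute. If the defaults merge that closes with `};` just above the first hunk ever leaves `allowedTags` undefined, or a caller passes `allowedTags: null`, the sanitizer silently becomes a pass-through instead of denying everything. Testing for the documented sentinel keeps every other case fail-closed, since `_.each` over undefined simply yields an empty (deny-all) map: `if (options.allowedTags !== false) {` and `if (options.allowedAttributes !== false) {`. The escape hatch also deserves a comment at the guard, e.g. `// false disables this allowlist entirely; only href/src still pass through naughtyHref, every other attribute is emitted unchanged`, since the README wording "allow all" understates that. The enclosing sanitizeHtml function starts and ends outside this section.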

2

package.json
{
"name": "sanitize-html",
"version": "1.3.0",
"version": "1.4.1",
"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -66,2 +66,11 @@ # sanitize-html

"What if I want to allow all tags or all attributes?"
Simple! instead of leaving `allowedTags` or `allowedAttributes` out of the options, set either
one or both to `false`:
allowedTags: false,
allowedAttributes: false
### Transformations

@@ -175,2 +184,4 @@

1.4.0: ability to allow all attributes or tags through by setting `allowedAttributes` and/or `allowedTags` to false. Thanks to Anand Thakker.
1.3.0: `attribs` now available on frames passed to exclusive filter.

@@ -229,2 +240,1 @@

<a href="http://punkave.com/"><img src="https://raw.github.com/punkave/sanitize-html/master/logos/logo-box-builtby.png" /></a>

@@ -10,2 +10,8 @@ var assert = require("assert");

});
it('should pass through all markup if allowedTags and allowedAttributes are set to false', function() {
assert.equal(sanitizeHtml('<div><wiggly worms="ewww">hello</wiggly></div>', {
allowedTags: false,
allowedAttributes: false
}), '<div><wiggly worms="ewww">hello</wiggly></div>');
});
it('should respect text nodes at top level', function() {

@@ -226,2 +232,1 @@ assert.equal(sanitizeHtml('Blah blah blah<p>Whee!</p>'), 'Blah blah blah<p>Whee!</p>');

});
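Review bot: The new test `it('should pass through all markup if allowedTags and allowedAttributes are set to false', ...)` only exercises both options set to `false` together, so a regression in which one `false` switched off the other allowlist would go unnoticed. A second case with `allowedTags: false` and an ordinary `allowedAttributes` map should keep the unknown tag but still strip `worms="ewww"`, which pins down that the two checks added in index.js (`allowedTagsMap && ...` and `!allowedAttributesMap || ...`) act independently. The expected output below follows from those two checks: the attribute map has no entry for `wiggly`, so its attributes are dropped while the tag itself is no longer skipped.
```javascript
  it('should still filter attributes when only allowedTags is false', function() {
    assert.equal(sanitizeHtml('<div><wiggly worms="ewww">hello</wiggly></div>', {
      allowedTags: false,
      allowedAttributes: { a: [ 'href' ] }
    }), '<div><wiggly>hello</wiggly></div>');
  });
```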