sanitize-html - npm Package Compare versions

Comparing version 1.5.3 to 1.6.0

7

index.js

@@ -169,3 +169,8 @@ var htmlparser = require('htmlparser2');

} else {
result += escapeHtml(text);
var escaped = escapeHtml(text);
if (options.textFilter) {
result += options.textFilter(escaped);
} else {
result += escaped;
}
}
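Review bot: `result += options.textFilter(escaped);` appends whatever the callback returns straight into the output, with no type check on the option and no second escaping pass. A truthy non-function `textFilter` throws at this call, and a callback that returns nothing concatenates the string "undefined". Suggest guarding with `typeof options.textFilter === 'function'` and documenting that the return value is emitted as raw HTML, so the filter sits inside the sanitizer's trust boundary and must not unescape `escaped`.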

@@ -172,0 +177,0 @@ if (stack.length) {

2

package.json
{
"name": "sanitize-html",
"version": "1.5.3",
"version": "1.6.0",
"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis",

@@ -5,0 +5,0 @@ "main": "index.js",

@@ -155,2 +155,23 @@ # sanitize-html

You can also process all text content with a provided filter function. Let's say we want an ellipsis instead of three dots.
```html
<p>some text...</p>
```
We can do that with the following filter:
```javascript
sanitizeHtml(
'<p>some text...</p>',
{
textFilter: function(text) {
return text.replace(/\.\.\./, '&hellip;');
}
}
);
```
Note that the text passed to the `textFilter` method is already escaped for safe display as HTML. You may add markup and use entity escape sequences in your `textFilter`.
### Allowed CSS Classes
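Review bot: the closing note, "You may add markup and use entity escape sequences in your `textFilter`", should also say that the returned string is not checked against the allowed tags and attributes; per the index.js change it is appended to the result as is. Suggest adding a sentence that markup returned by the filter bypasses the whitelist, so it should come from fixed strings and never from unescaping the text being filtered. Separately, the example's `/\.\.\./` has no `g` flag, so only the first run of three dots in each text passed to the filter becomes `&hellip;`.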

@@ -193,2 +214,4 @@

1.6.0: added `textFilter` option. Thanks to Csaba Palfi.
1.5.3: do not escape special characters inside a script or style element, if they are allowed. This is consistent with the way browsers parse them; nothing closes them except the appropriate closing tag for the entire element. Of course, this only comes into play if you actually choose to allow those tags. Thanks to aletorrado.

@@ -195,0 +218,0 @@

@@ -336,2 +336,11 @@ var assert = require("assert");

});
it('should process text nodes with provided function', function() {
assert.equal(
sanitizeHtml('"normal text this should be removed"', {
textFilter: function(text) {
return text.replace(' this should be removed', '');
}
}), '&quot;normal text&quot;'
);
});
});
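Review bot: the only new test uses a filter that deletes text, so it does not pin the two behaviours the README documents: that the callback receives already-escaped text, and that markup it returns reaches the output unescaped. Suggest adding a case where the filter asserts on its argument (for the input here, that it contains `&quot;` rather than a literal double quote) and one where it returns an entity or a tag, so a later change to the order of escaping and filtering fails a test.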