sanitize-html
Advanced tools
sanitize-html - npm Package Compare versions
Comparing version 1.7.1 to 1.7.2
29
index.js
| var htmlparser = require('htmlparser2'); | ||
| var extend = require('xtend'); | ||
| var quoteRegexp = require('regexp-quote'); | ||
| require('array-includes').shim(); // Array.prototype.includes polyfill | ||
| function each(obj, cb) { | ||
| obj && Object.keys(obj).forEach(function (key) { | ||
| cb(obj[key], key) | ||
| }) | ||
| if (obj) Object.keys(obj).forEach(function (key) { | ||
| cb(obj[key], key); | ||
| }); | ||
| } | ||
@@ -106,5 +105,5 @@ | ||
| if (options.allowedTags && !options.allowedTags.includes(name)) { | ||
| if (options.allowedTags && options.allowedTags.indexOf(name) === -1) { | ||
| skip = true; | ||
| if (nonTextTagsArray.includes(name)) { | ||
| if (nonTextTagsArray.indexOf(name) !== -1) { | ||
| skipText = true; | ||
@@ -122,3 +121,3 @@ } | ||
| each(attribs, function(value, a) { | ||
| if (!allowedAttributesMap || allowedAttributesMap[name].includes(a) || | ||
| if (!allowedAttributesMap || allowedAttributesMap[name].indexOf(a) !== -1 || | ||
| (allowedAttributesGlobMap[name] && allowedAttributesGlobMap[name].test(a))) { | ||
@@ -147,3 +146,3 @@ if ((a === 'href') || (a === 'src')) { | ||
| } | ||
| if (options.selfClosing.includes(name)) { | ||
| if (options.selfClosing.indexOf(name) !== -1) { | ||
| result += " />"; | ||
@@ -159,3 +158,3 @@ } else { | ||
| var tag = stack[stack.length-1] && stack[stack.length-1].tag; | ||
| if (nonTextTagsArray.includes(tag)) { | ||
| if (nonTextTagsArray.indexOf(tag) !== -1) { | ||
| result += text; | ||
@@ -201,3 +200,3 @@ } else { | ||
| if (options.selfClosing.includes(name)) { | ||
| if (options.selfClosing.indexOf(name) !== -1) { | ||
| // Already output /> | ||
@@ -241,6 +240,6 @@ return; | ||
| if (options.allowedSchemesByTag[name]) { | ||
| return !options.allowedSchemesByTag[name].includes(scheme); | ||
| return options.allowedSchemesByTag[name].indexOf(scheme) === -1; | ||
| } | ||
| return !options.allowedSchemes || !options.allowedSchemes.includes(scheme); | ||
| return !options.allowedSchemes || options.allowedSchemes.indexOf(scheme) === -1; | ||
| } | ||
@@ -255,3 +254,3 @@ | ||
| return classes.filter(function(clss) { | ||
| return allowed.includes(clss); | ||
| return allowed.indexOf(clss) !== -1; | ||
| }).join(' '); | ||
@@ -265,3 +264,5 @@ } | ||
| sanitizeHtml.defaults = { | ||
| allowedTags: [ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', 'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre' ], | ||
| allowedTags: [ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', | ||
| 'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div', | ||
| 'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre' ], | ||
| allowedAttributes: { | ||
@@ -268,0 +269,0 @@ a: [ 'href', 'name', 'target' ], |
| { | ||
| "name": "sanitize-html", | ||
| "version": "1.7.1", | ||
| "version": "1.7.2", | ||
| "description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis", | ||
@@ -24,3 +24,2 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "array-includes": "^2.0.0", | ||
| "htmlparser2": "3.8.x", | ||
@@ -27,0 +26,0 @@ "regexp-quote": "0.0.0", |
@@ -227,2 +227,4 @@ # sanitize-html | ||
| 1.7.2: removed `array-includes` dependency in favor of `indexOf`, which is a little more verbose but slightly faster and doesn't require a shim. Thanks again to Joseph Dykstra. | ||
| 1.7.1: removed lodash dependency, adding lighter dependencies and polyfills in its place. Thanks to Joseph Dykstra. | ||
@@ -229,0 +231,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.32%
43508
- Dependency count
- decreased by-25%
3
- Lines of code
- increased by0.16%
639
- Number of lines in readme file
- increased by0.66%
304
Dependency changes
- Removedarray-includes@^2.0.0
- Removedarray-buffer-byte-length@1.0.1(transitive)
- Removedarray-includes@2.0.0(transitive)
- Removedarraybuffer.prototype.slice@1.0.3(transitive)
- Removedavailable-typed-arrays@1.0.7(transitive)
- Removedcall-bind@1.0.7(transitive)
- Removeddata-view-buffer@1.0.1(transitive)
- Removeddata-view-byte-length@1.0.1(transitive)
- Removeddata-view-byte-offset@1.0.0(transitive)
- Removeddefine-data-property@1.1.4(transitive)
- Removeddefine-properties@1.2.1(transitive)
- Removedes-abstract@1.23.3(transitive)
- Removedes-define-property@1.0.0(transitive)
- Removedes-errors@1.3.0(transitive)
- Removedes-object-atoms@1.0.0(transitive)
- Removedes-set-tostringtag@2.0.3(transitive)
- Removedes-to-primitive@1.2.1(transitive)
- Removedfor-each@0.3.3(transitive)
- Removedfunction-bind@1.1.2(transitive)
- Removedfunction.prototype.name@1.1.6(transitive)
- Removedfunctions-have-names@1.2.3(transitive)
- Removedget-intrinsic@1.2.4(transitive)
- Removedget-symbol-description@1.0.2(transitive)
- Removedglobalthis@1.0.4(transitive)
- Removedgopd@1.0.1(transitive)
- Removedhas-bigints@1.0.2(transitive)
- Removedhas-property-descriptors@1.0.2(transitive)
- Removedhas-proto@1.0.3(transitive)
- Removedhas-symbols@1.0.3(transitive)
- Removedhas-tostringtag@1.0.2(transitive)
- Removedhasown@2.0.2(transitive)
- Removedinternal-slot@1.0.7(transitive)
- Removedis-array-buffer@3.0.4(transitive)
- Removedis-bigint@1.0.4(transitive)
- Removedis-boolean-object@1.1.2(transitive)
- Removedis-callable@1.2.7(transitive)
- Removedis-data-view@1.0.1(transitive)
- Removedis-date-object@1.0.5(transitive)
- Removedis-negative-zero@2.0.3(transitive)
- Removedis-number-object@1.0.7(transitive)
- Removedis-regex@1.1.4(transitive)
- Removedis-shared-array-buffer@1.0.3(transitive)
- Removedis-string@1.0.7(transitive)
- Removedis-symbol@1.0.4(transitive)
- Removedis-typed-array@1.1.13(transitive)
- Removedis-weakref@1.0.2(transitive)
- Removedisarray@2.0.5(transitive)
- Removedobject-inspect@1.13.3(transitive)
- Removedobject-keys@1.1.1(transitive)
- Removedobject.assign@4.1.5(transitive)
- Removedpossible-typed-array-names@1.0.0(transitive)
- Removedregexp.prototype.flags@1.5.3(transitive)
- Removedsafe-array-concat@1.1.2(transitive)
- Removedsafe-regex-test@1.0.3(transitive)
- Removedset-function-length@1.2.2(transitive)
- Removedset-function-name@2.0.2(transitive)
- Removedside-channel@1.0.6(transitive)
- Removedstring.prototype.trim@1.2.9(transitive)
- Removedstring.prototype.trimend@1.0.8(transitive)
- Removedstring.prototype.trimstart@1.0.8(transitive)
- Removedtyped-array-buffer@1.0.2(transitive)
- Removedtyped-array-byte-length@1.0.1(transitive)
- Removedtyped-array-byte-offset@1.0.2(transitive)
- Removedtyped-array-length@1.0.6(transitive)
- Removedunbox-primitive@1.0.2(transitive)
- Removedwhich-boxed-primitive@1.0.2(transitive)
- Removedwhich-typed-array@1.1.15(transitive)