sanitize-html
Comparing version 1.8.0 to 1.9.0
14
index.js
@@ -37,4 +37,10 @@ var htmlparser = require('htmlparser2'); | ||
options = sanitizeHtml.defaults; | ||
options.parser = htmlParserDefaults; | ||
} else { | ||
options = extend(sanitizeHtml.defaults, options); | ||
if (options.parser) { | ||
options.parser = extend(htmlParserDefaults, options.parser); | ||
} else { | ||
options.parser = htmlParserDefaults; | ||
} | ||
} | ||
@@ -235,4 +241,3 @@ // Tags that contain something other than HTML, or where discarding | ||
} | ||
}, { decodeEntities: true }); | ||
}, options.parser); | ||
parser.write(html); | ||
@@ -289,2 +294,5 @@ parser.end(); | ||
var htmlParserDefaults = { | ||
decodeEntities: true | ||
}; | ||
sanitizeHtml.defaults = { | ||
@@ -326,2 +334,2 @@ allowedTags: [ 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol', | ||
}; | ||
}; | ||
}; |
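Review bot: `}, options.parser);` forwards caller-supplied htmlparser2 options wholesale, so a caller can switch off `decodeEntities` or `lowerCaseTags` and the filtering code receives tag names and attribute values in a different form than it did in 1.8.0. The tag and attribute checks are outside the visible hunks, so whether they stay correct under non-default parser settings cannot be confirmed here; a comment at the merge such as `// non-default parser options change what the filters see and are not security-tested` would make that dependency explicit. Separately, in the first branch (its condition is above the hunk) `options.parser = htmlParserDefaults;` writes onto `sanitizeHtml.defaults` itself, because `options` is that very object at that point. `options = extend(sanitizeHtml.defaults, { parser: htmlParserDefaults });` would leave the shared defaults untouched, assuming `extend` returns a fresh object as the else branch implies.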
{ | ||
"name": "sanitize-html", | ||
"version": "1.8.0", | ||
"version": "1.9.0", | ||
"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -88,3 +88,16 @@ # sanitize-html | ||
``` | ||
### htmlparser2 Options | ||
`santizeHtml` is built on `htmlparser2`. By default the only option passed down is `decodeEntities: true` You can set the options to pass by using the parser option. | ||
```javascript | ||
clean = sanitizeHtml(dirty, { | ||
allowedTags: ['a'], | ||
parser: { | ||
lowerCaseTags: true | ||
} | ||
}); | ||
``` | ||
See the [htmlparser2 wiki] (https://github.com/fb55/htmlparser2/wiki/Parser-options) for the full list of possible options. | ||
### Transformations | ||
@@ -230,2 +243,4 @@ | ||
1.9.0: `parser` option allows options to be passed directly to `htmlparser2. Thanks to Danny Scott. | ||
1.8.0: | ||
@@ -232,0 +247,0 @@ |
@@ -428,2 +428,21 @@ var assert = require("assert"); | ||
}); | ||
it('should respect htmlparser2 options when passed in', function() { | ||
assert.equal( | ||
sanitizeHtml("<Archer><Sterling>I am</Sterling></Archer>", { | ||
allowedTags: false, | ||
allowedAttributes: false, | ||
}), | ||
"<archer><sterling>I am</sterling></archer>" | ||
); | ||
assert.equal( | ||
sanitizeHtml("<Archer><Sterling>I am</Sterling></Archer>", { | ||
allowedTags: false, | ||
allowedAttributes: false, | ||
parser: { | ||
lowerCaseTags: false | ||
} | ||
}), | ||
"<Archer><Sterling>I am</Sterling></Archer>" | ||
); | ||
}); | ||
}); |
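Review bot: Both assertions exercise only `lowerCaseTags`, so nothing checks that `decodeEntities: true` survives the merge when a caller passes a `parser` object that omits that key. That default is the one the previous release hard-wired into the parser call, and the merge in index.js is now the only thing preserving it. A third assertion in this `it` block that runs entity-encoded text through `sanitizeHtml` with `parser: { lowerCaseTags: false }` and expects the same output as a call with no `parser` option would pin that behaviour. The dangling comma after `allowedAttributes: false,` in the first call can also be dropped.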