sanitize-html
Comparing version 2.1.1 to 2.1.2
# Changelog | ||
## 2.1.2 (2020-11-04): | ||
- Fixes typos and inconsistencies in the README. Thanks to [Eric Lefevre-Ardant](https://github.com/elefevre) for this contribution. | ||
## 2.1.1 (2020-10-21): | ||
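Review bot: The 2.1.2 entry lists only the README fixes, but the same release also adds a `sanitize` entry to `keywords` in package.json. Add a line for the metadata change so the changelog accounts for every difference between the published 2.1.1 and 2.1.2 packages; anyone reviewing the release diff of a sanitizer dependency will otherwise find a change the changelog does not explain.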
@@ -4,0 +7,0 @@ - Fixes a bug when using `allowedClasses` with an `'*'` wildcard selector. Thanks to [Clemens Damke](https://github.com/Cortys) for this contribution. |
{ | ||
"name": "sanitize-html", | ||
"version": "2.1.1", | ||
"version": "2.1.2", | ||
"description": "Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis", | ||
@@ -20,3 +20,4 @@ "sideEffects": false, | ||
"parser", | ||
"sanitizer" | ||
"sanitizer", | ||
"sanitize" | ||
], | ||
@@ -23,0 +24,0 @@ "author": "Apostrophe Technologies, Inc.", |
@@ -7,7 +7,7 @@ # sanitize-html | ||
`sanitize-html` provides a simple HTML sanitizer with a clear API. | ||
sanitize-html provides a simple HTML sanitizer with a clear API. | ||
`sanitize-html` is tolerant. It is well suited for cleaning up HTML fragments such as those created by ckeditor and other rich text editors. It is especially handy for removing unwanted CSS when copying and pasting from Word. | ||
sanitize-html is tolerant. It is well suited for cleaning up HTML fragments such as those created by CKEditor and other rich text editors. It is especially handy for removing unwanted CSS when copying and pasting from Word. | ||
`sanitize-html` allows you to specify the tags you want to permit, and the permitted attributes for each of those tags. | ||
sanitize-html allows you to specify the tags you want to permit, and the permitted attributes for each of those tags. | ||
@@ -28,3 +28,3 @@ If a tag is not permitted, the contents of the tag are not discarded. There are | ||
`sanitize-html` is intended for use with Node. That's pretty much it. All of its npm dependencies are pure JavaScript. `sanitize-html` is built on the excellent `htmlparser2` module. | ||
sanitize-html is intended for use with Node. That's pretty much it. All of its npm dependencies are pure JavaScript. sanitize-html is built on the excellent `htmlparser2` module. | ||
@@ -40,3 +40,3 @@ ## How to use | ||
* Clone repository and install via npm | ||
* Run npm install and : | ||
* Run npm install and: | ||
@@ -49,3 +49,3 @@ ```bash | ||
Once built and linked in the browser with other project Javascript it can be used to sanitize HTML strings in front end code: | ||
Once built and linked in the browser with other project Javascript, it can be used to sanitize HTML strings in front end code: | ||
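Review bot: The reworded sentence at line 49 still spells it "Javascript", while the paragraph changed at line 28 uses "JavaScript". Since this release is a typo and consistency pass, use "JavaScript" here as well, and hyphenate "front-end code" where it is used as a modifier.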
@@ -134,4 +134,6 @@ ```javascript | ||
#### "I like your set but I want to add one more tag. Is there a convenient way?" Sure: | ||
#### "I like your set but I want to add one more tag. Is there a convenient way?" | ||
Sure: | ||
```js | ||
@@ -143,7 +145,7 @@ const clean = sanitizeHtml(dirty, { | ||
If you do not specify `allowedTags` or `allowedAttributes` our default list is applied. So if you really want an empty list, specify one. | ||
If you do not specify `allowedTags` or `allowedAttributes`, our default list is applied. So if you really want an empty list, specify one. | ||
#### "What if I want to allow all tags or all attributes?" | ||
Simple! instead of leaving `allowedTags` or `allowedAttributes` out of the options, set either | ||
Simple! Instead of leaving `allowedTags` or `allowedAttributes` out of the options, set either | ||
one or both to `false`: | ||
@@ -236,3 +238,3 @@ | ||
If you wish to allow specific CSS _styles_ on a particular element, you can do that with the `allowedStyles` option. Simply declare your desired attributes as regular expression options within an array for the given attribute. Specific elements will inherit whitelisted attributes from the global (\*) attribute. Any other CSS classes are discarded. | ||
If you wish to allow specific CSS _styles_ on a particular element, you can do that with the `allowedStyles` option. Simply declare your desired attributes as regular expression options within an array for the given attribute. Specific elements will inherit whitelisted attributes from the global (`*`) attribute. Any other CSS classes are discarded. | ||
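Review bot: The paragraph at line 238 documents `allowedStyles` but still ends with "Any other CSS classes are discarded", and it says "declare your desired attributes" where the values being matched are style properties. Only the `*` formatting was touched here; the wording should say which thing is dropped (styles that match no listed expression), because readers rely on this sentence to know what survives sanitization. The same sentence also says elements inherit from the "global (`*`) attribute", which would read more clearly as the `*` key.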
@@ -278,3 +280,3 @@ **You must also use `allowedAttributes`** to activate the `style` attribute for the relevant elements. Otherwise this feature will never come into play. | ||
`santizeHtml` is built on `htmlparser2`. By default the only option passed down is `decodeEntities: true` You can set the options to pass by using the parser option. | ||
sanitize-html is built on `htmlparser2`. By default the only option passed down is `decodeEntities: true` You can set the options to pass by using the parser option. | ||
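Review bot: The sentence fixed at line 280 is still missing its full stop after `decodeEntities: true`, so it runs straight into "You can set the options". Add the period, and put "parser" in backticks so it reads as the option name rather than a generic phrase.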
@@ -289,3 +291,3 @@ ```javascript | ||
``` | ||
See the [htmlparser2 wiki] (https://github.com/fb55/htmlparser2/wiki/Parser-options) for the full list of possible options. | ||
See the [htmlparser2 wiki](https://github.com/fb55/htmlparser2/wiki/Parser-options) for the full list of possible options. | ||
@@ -421,3 +423,3 @@ ### Transformations | ||
If you would like to allow iframe tags but want to control the domains that are allowed through you can provide an array of hostnames and(or) array of domains that you would like to allow as iframe sources. This hostname is a property in the options object passed as an argument to the `sanitize-html` function. | ||
If you would like to allow iframe tags but want to control the domains that are allowed through, you can provide an array of hostnames and/or array of domains that you would like to allow as iframe sources. This hostname is a property in the options object passed as an argument to the sanitize-html function. | ||
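Review bot: Dropping the backticks at line 423 leaves "the sanitize-html function", which now names the package rather than the function; the examples elsewhere in the README call `sanitizeHtml(dirty, {...})`, so refer to that. "This hostname is a property in the options object" is also unclear after describing two arrays (hostnames and domains): name the option or options explicitly so it is obvious which keys restrict iframe sources.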
@@ -509,3 +511,3 @@ These arrays will be checked against the html that is passed to the function and return only `src` urls that include the allowed hostnames or domains in the object. The url in the html that is passed must be formatted correctly (valid hostname) as an embedded iframe otherwise the module will strip out the src from the iframe. | ||
By default we allow the following URL schemes in cases where `href`, `src`, etc. are allowed: | ||
By default, we allow the following URL schemes in cases where `href`, `src`, etc. are allowed: | ||
@@ -591,3 +593,3 @@ ```js | ||
`sanitize-html` was created at [P'unk Avenue](https://punkave.com) for use in [ApostropheCMS](https://apostrophecms.com), an open-source content management system built on Node.js. If you like `sanitize-html` you should definitely check out ApostropheCMS. | ||
sanitize-html was created at [P'unk Avenue](https://punkave.com) for use in [ApostropheCMS](https://apostrophecms.com), an open-source content management system built on Node.js. If you like sanitize-html you should definitely check out ApostropheCMS. | ||
@@ -594,0 +596,0 @@ ## Support |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package