sanitize-html - npm Package Compare versions

Comparing version 2.5.3 to 2.6.0

CHANGELOG.md

 # Changelog
 
+## 2.6.0 (2021-11-23)
+
+- Support for regular expressions in the `allowedClasses` option. Thanks to [Alex Rantos](https://github.com/alex-rantos).
+
 ## 2.5.3 (2021-11-02):
@@ -4,0 +8,0 @@

index.js

@@ -159,2 +159,3 @@ const htmlparser = require('htmlparser2');
   const allowedClassesGlobMap = {};
+  const allowedClassesRegexMap = {};
   each(options.allowedClasses, function(classes, tag) {
@@ -170,2 +171,3 @@ // Implicitly allows the class attribute
     allowedClassesMap[tag] = [];
+    allowedClassesRegexMap[tag] = [];
     const globRegex = [];
@@ -175,2 +177,4 @@ classes.forEach(function(obj) {
         globRegex.push(escapeStringRegexp(obj).replace(/\\\*/g, '.*'));
+      } else if (obj instanceof RegExp) {
+        allowedClassesRegexMap[tag].push(obj);
       } else {
@@ -437,8 +441,12 @@ allowedClassesMap[tag].push(obj);
               const allowedSpecificClassesGlob = allowedClassesGlobMap[name];
+              const allowedSpecificClassesRegex = allowedClassesRegexMap[name];
               const allowedWildcardClassesGlob = allowedClassesGlobMap['*'];
-              const allowedClassesGlobs = [ allowedSpecificClassesGlob, allowedWildcardClassesGlob ].filter(
-                function(t) {
+              const allowedClassesGlobs = [
+                allowedSpecificClassesGlob,
+                allowedWildcardClassesGlob
+              ]
+                .concat(allowedSpecificClassesRegex)
+                .filter(function (t) {
                   return t;
-                }
-              );
+                });
               if (allowedSpecificClasses && allowedWildcardClasses) {
@@ -445,0 +453,0 @@ value = filterClasses(value, deepmerge(allowedSpecificClasses, allowedWildcardClasses), allowedClassesGlobs);

package.json

 {
   "name": "sanitize-html",
-  "version": "2.5.3",
+  "version": "2.6.0",
   "description": "Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis",
@@ -5,0 +5,0 @@ "sideEffects": false,

README.md

@@ -242,2 +242,3 @@ # sanitize-html
 Similar to `allowedAttributes`, you can use `*` to allow classes with a certain prefix, or use `*` as a tag name to allow listed classes to be valid for any tag:
+
 ```js
@@ -250,2 +251,12 @@ allowedClasses: {
 
+Furthermore, regular expressions are supported too:
+
+```js
+allowedClasses: {
+  p: [ /^regex\d{2}$/ ]
+}
+```
+
+> Note: It is advised that your regular expressions always begin with `^` so that you are requiring a known prefix. A regular expression with neither `^` nor `$` just requires that something appear in the middle.
+
 ### Allowed CSS Styles
@@ -252,0 +263,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

75134

increased by1.07%

Lines of code

747

increased by1.08%

Number of lines in readme file

645

increased by1.74%

No dependency changes