sanitize-html

Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis

Version: 2.7.1
Weekly downloads: 2.1M (decreased by 18.38%)
Maintainers: 14

What is sanitize-html?

The sanitize-html npm package cleans up user-submitted HTML so that it can be rendered in a page without exposing it to cross-site scripting (XSS). It is allowlist-based: you specify which HTML tags are permitted, and which attributes are permitted on each of those tags, and everything not explicitly allowed is stripped. It ships with a conservative default allowlist, so calling it with no options still removes <script> elements and event-handler attributes such as onclick; the defaults are exposed as sanitizeHtml.defaults for inspection.

What are sanitize-html's main functionalities?

Sanitizing HTML

Calling sanitizeHtml with no options applies the package's default allowlist. Tags outside it are removed; for <script>, <style> and the other tags listed in nonTextTags their contents are discarded as well, while for any other disallowed tag only the tag is dropped and its text is kept. The library re-serializes the document rather than patching the input string, so text and attribute values are escaped on the way out.

const sanitizeHtml = require('sanitize-html');
const dirtyHtml = '<script>alert("XSS");</script><p>Valid content</p>';
const cleanHtml = sanitizeHtml(dirtyHtml);
console.log(cleanHtml); // Output: '<p>Valid content</p>'

Allowing a set of HTML tags

The allowedTags option replaces the default allowlist with your own. Every tag not in the list is removed from the output (their text is kept unless the tag is also in nonTextTags), so the list should be as short as the use case allows.

const sanitizeHtml = require('sanitize-html');
const dirtyHtml = '<div><p>Some text</p><script>Bad script</script></div>';
const cleanHtml = sanitizeHtml(dirtyHtml, {
  allowedTags: ['div', 'p']
});
console.log(cleanHtml); // Output: '<div><p>Some text</p></div>'

Configuring allowed attributes for tags

The allowedAttributes option maps a tag name to the attributes permitted on it; any other attribute, including every on* event handler, is dropped. Values of href, src and cite are additionally checked against allowedSchemes (http, https, ftp, mailto and tel by default), so a javascript: URL is removed even though href itself is on the list.

const sanitizeHtml = require('sanitize-html');
const dirtyHtml = '<a href="http://example.com" onclick="stealCookies()">Link</a>';
const cleanHtml = sanitizeHtml(dirtyHtml, {
  allowedTags: ['a'],
  allowedAttributes: {
    'a': ['href']
  }
});
console.log(cleanHtml); // Output: '<a href="http://example.com">Link</a>'

Transforming tags and attributes

The transformTags option rewrites a tag, and optionally its attributes, before the allowlist is applied, so the replacement tag and any attributes you add must themselves be allowed. sanitizeHtml.simpleTransform(newTagName, newAttribs) covers the common case; for anything else supply a function that receives (tagName, attribs) and returns { tagName, attribs }.

const sanitizeHtml = require('sanitize-html');
const dirtyHtml = '<b>bold text</b>';
const cleanHtml = sanitizeHtml(dirtyHtml, {
  transformTags: {
    'b': sanitizeHtml.simpleTransform('strong')
  }
});
console.log(cleanHtml); // Output: '<strong>bold text</strong>'

Package last updated on 20 Jul 2022