strip-dom-tags

Dependencies: 0
Maintainers: 1
Versions: 2

Safely strip DOM tags from an HTML string to prevent XSS attacks.


Weekly downloads: 393 (decreased by 53.16%)

Readme

strip-dom-tags

Safely strip all DOM tags from a string to prevent XSS attacks

This module exposes a single function that strips tags from an HTML string. It uses the browser DOMParser API (https://caniuse.com/#search=domparser) internally to do the parsing and stripping. It has no dependencies.

You can whitelist different tags and attributes that are allowed, but javascript: attribute values will always be stripped.

This module only works in the browser; it will always return the empty string if invoked server-side.

Usage

stripTags(html : string, whitelistedTags = [] : string[], whitelistedAttributes = [] : string[], visitNode?: (node: Node) : Node) : string
  • html - The HTML string to strip tags from.
  • whitelistedTags - A list of HTML tags that are allowed, like a and img. This is case-insensitive. By default, no tags are allowed.
  • whitelistedAttributes - A list of HTML attributes that are allowed, like href and src. The passed attributes will be allowed on any tag that is whitelisted, so it is possible for an a tag to get a src attribute. Note that attribute values starting with javascript: or containing \n will always be stripped.
  • visitNode - A function that will be invoked on every resulting DOM node after it has been stripped. You can use this to remove invalid attributes, or to add a target attribute to a tags, for example. You can also return a different node (maybe replace img with picture).

Return value

The function returns an HTML string that is stripped of all the listed tags.

Examples
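
Because whitelisted attributes apply to every whitelisted tag, a visitNode callback is the place to enforce a stricter per-tag policy. The following is an added example, not code from the package or its README: the names PER_TAG_ATTRS, URL_ATTRS, SAFE_SCHEMES and isSafeUrl and the placeholder base URL are assumptions, and the callback relies only on standard DOM Element methods.

```javascript
// Added example: a visitNode callback for stripTags(html, tags, attrs, visitNode).
// The policy tables below are assumptions chosen for this sketch.
const PER_TAG_ATTRS = new Map([
  ['a', ['href']],
  ['img', ['src', 'alt']],
]);
const URL_ATTRS = new Set(['href', 'src']);
const SAFE_SCHEMES = new Set(['http:', 'https:']);

// Parse the value with the URL parser, which normalises case and whitespace
// the same way the browser will, then allow only the listed schemes.
function isSafeUrl(value) {
  try {
    // Placeholder base so relative URLs resolve; only the scheme is inspected.
    return SAFE_SCHEMES.has(new URL(value, 'https://base.invalid/').protocol);
  } catch (err) {
    return false; // unparseable URL: treat as unsafe
  }
}

function visitNode(node) {
  if (node.nodeType !== 1) return node; // text and other non-element nodes pass through
  const tag = node.tagName.toLowerCase();
  const allowed = PER_TAG_ATTRS.get(tag) || [];
  // getAttributeNames() returns a snapshot, so removing while looping is safe.
  for (const name of node.getAttributeNames()) {
    const lower = name.toLowerCase();
    const badUrl = URL_ATTRS.has(lower) && !isSafeUrl(node.getAttribute(name));
    if (!allowed.includes(lower) || badUrl) {
      node.removeAttribute(name);
    }
  }
  // Links that survive open in a new tab without access to window.opener.
  if (tag === 'a' && node.hasAttribute('href')) {
    node.setAttribute('target', '_blank');
    node.setAttribute('rel', 'noopener noreferrer');
  }
  return node; // the callback is documented as returning a node
}

// Browser usage, following the signature documented above:
//   stripTags(html, ['a', 'img'], ['href', 'src', 'alt'], visitNode)
```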

Last updated on 17 Aug 2020
