Socket
Socket
Sign inDemoInstall

striptags

Package Overview
Dependencies
0
Maintainers
1
Versions
20
Alerts
File Explorer

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

striptags

PHP strip_tags in Node.js


Version published
Maintainers
1
Weekly downloads
595,565
decreased by-7.92%

Weekly downloads

Readme

Source

striptags Build Status

An implementation of PHP's strip_tags in Node.js.

Note: v3+ targets ES6, and is therefore incompatible with the master branch of uglifyjs. You can either:

  • use babili, which supports ES6
  • use the harmony branch of uglifyjs
  • stick with the 2.x.x branch

Features

  • Fast
  • Zero dependencies
  • 100% test code coverage
  • No unsafe regular expressions

Installing

npm install striptags

Basic Usage

striptags(html, allowed_tags, tag_replacement);

Example

var striptags = require('striptags');

var html =
    '<a href="https://example.com">' +
        'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' +
    '</a>';

striptags(html);
striptags(html, '<strong>');
striptags(html, ['a']);
striptags(html, [], '\n');

Outputs:

'lorem ipsum dolor sit amet'
lorem ipsum <strong>dolor</strong> sit amet'
'<a href="https://example.com">lorem ipsum dolor sit amet</a>'
lorem ipsum 
dolor
 
sit
 amet

Streaming Mode

striptags can also operate in streaming mode. Simply call init_streaming_mode to get back a function that accepts HTML and outputs stripped HTML. State is saved between calls so that partial HTML can be safely passed in.

let stream_function = striptags.init_streaming_mode(
    allowed_tags,
    tag_replacement
);

let partial_text = stream_function(partial_html);
let more_text    = stream_function(more_html);

Check out test/striptags-test.js for a concrete example.

Tests

You can run tests (powered by mocha) locally via:

npm test

Generate test coverage (powered by istanbul) via :

npm run coverage

Doesn't use regular expressions

striptags does not use any regular expressions for stripping HTML tags.

Regular expressions are not capable of preventing all possible scripting attacks (see this). Here is a great StackOverflow answer regarding how strip_tags (when used without specifying allowableTags) is not vulnerable to scripting attacks.

Keywords

FAQs

Last updated on 18 Jun 2021

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc