DOMPurify
Super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG!
DOMPurify sanitizes HTML and prevents XSS attacks.
Dirty HTML => DOMPurify.sanitize => Clean and safe HTML
The faster your browser, the faster DOMPurify will be ;)
Install it: npm install --save dompurify
Sample usage:
It's configurable:
var config = { ALLOWED_TAGS: ['p', '#text'], KEEP_CONTENT: false };
DOMPurify.sanitize(str, config);
We can also use hooks:
beforeSanitizeElements
afterSanitizeElements
beforeSanitizeAttributes
afterSanitizeAttributes
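An added example (not from the original post or the DOMPurify project) that combines a config allowlist with an afterSanitizeAttributes hook, so that surviving links are limited to https and get rel="noopener noreferrer". The names LINK_CONFIG, hardenLink and installLinkPolicy are hypothetical, and a DOMPurify instance is assumed to be available as window.DOMPurify.

```javascript
// Added example: strict allowlist plus an afterSanitizeAttributes hook.
// `purify` is a DOMPurify instance (assumed: window.DOMPurify in a browser).
// LINK_CONFIG, hardenLink and installLinkPolicy are hypothetical names.

// Allowlist: paragraphs, links and text only; href is the only attribute kept.
const LINK_CONFIG = {
  ALLOWED_TAGS: ['p', 'a', '#text'],
  ALLOWED_ATTR: ['href'],
  KEEP_CONTENT: false, // a removed element takes its content with it
};

// Hook body: called for each node after DOMPurify has filtered its attributes.
function hardenLink(node) {
  if (String(node.nodeName).toLowerCase() !== 'a') return;
  if (!node.hasAttribute('href')) return;
  const href = node.getAttribute('href');
  // Site policy on top of DOMPurify's own URI check: absolute https only.
  if (!/^https:\/\//i.test(href)) {
    node.removeAttribute('href');
    return;
  }
  // Open in a new tab without handing window.opener to the target page.
  node.setAttribute('target', '_blank');
  node.setAttribute('rel', 'noopener noreferrer');
}

// Registers the hook once and returns a sanitizer bound to LINK_CONFIG.
function installLinkPolicy(purify) {
  purify.addHook('afterSanitizeAttributes', hardenLink);
  return (dirty) => purify.sanitize(dirty, LINK_CONFIG);
}

// Browser usage; skipped when DOMPurify is not loaded on the page.
if (typeof window !== 'undefined' && window.DOMPurify) {
  const clean = installLinkPolicy(window.DOMPurify);
  // Constructed input: the onclick attribute and the script element
  // are not on the allowlist, so neither reaches the output.
  const dirty =
    '<p onclick="x()">hi <a href="https://example.com/">link</a></p>' +
    '<script>alert(1)</script>';
  console.log(clean(dirty));
}
```

The target and rel attributes are not in ALLOWED_ATTR; they survive because the hook sets them after attribute filtering has finished for that node.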