

Sanitize-html provides a simple HTML sanitizer with a clear API. It is well suited for cleaning up HTML fragments such as those created by CKEditor and other rich text editors, and it is especially handy for removing unwanted CSS when copying and pasting from Word.

Sanitize-html allows you to specify the tags you want to permit, and the permitted attributes for each of those tags. If a tag is not permitted, the contents of the tag are not discarded. Some exceptions to this are discussed below in the "Discarding the entire contents

The syntax of poorly closed p and img elements is cleaned up.

Href attributes are validated to ensure they only contain http, https, ftp and mailto URLs. Ditto for src attributes. Allowing particular URLs as the src of an iframe tag by filtering hostnames is also supported.

Additionally, sanitize-html escapes ALL text content: ampersands, greater-than and less-than signs are converted to their equivalent HTML character references (& -> &amp;, < -> &lt;, and so on). In attribute values, quotation marks are escaped as well (" -> &quot;).

Sanitize-html is built on the excellent htmlparser2 module. All of its npm dependencies are pure JavaScript. Sanitize-html is intended for use with Node.js and supports Node 10+. Sanitize-html is not written in TypeScript and there is no plan to directly support it.
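The three rules described above (text and attribute escaping, the href scheme allow-list, and the iframe hostname allow-list) can be made concrete as stand-alone checks. This is an added illustration, not sanitize-html's own code; the iframe hostname and the sample inputs are constructed, and treating relative URLs as allowed is an assumption of this example.

```javascript
// Illustration of the checks the README describes. NOT sanitize-html's own
// code (the library builds on htmlparser2); hostname and inputs are constructed.

const ALLOWED_SCHEMES = new Set(['http', 'https', 'ftp', 'mailto']);
const ALLOWED_IFRAME_HOSTNAMES = new Set(['www.example-video.test']); // constructed

// Text content: &, < and > become character references.
function escapeText(text) {
  return text.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Attribute values additionally escape double quotes, so a value can never
// terminate the attribute it sits in.
function escapeAttr(value) {
  return escapeText(value).replace(/"/g, '&quot;');
}

// Lower-cased scheme of a URL. Returns null for a relative URL (no scheme) and
// '' when the part before the path has a colon but no valid scheme. Whitespace
// and control characters are stripped first so the check sees the same string
// a browser would resolve.
function urlScheme(url) {
  const cleaned = url.replace(/[\u0000-\u0020]/g, '');
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(cleaned);
  if (m) return m[1].toLowerCase();
  const firstSep = cleaned.search(/[/?#]/);
  const head = firstSep === -1 ? cleaned : cleaned.slice(0, firstSep);
  return head.includes(':') ? '' : null;
}

// href survives only if it is relative (this example's assumption) or uses an
// allow-listed scheme; anything else is dropped by the caller.
function hrefAllowed(href) {
  const scheme = urlScheme(href);
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// iframe src survives only as an absolute http(s) URL on an allow-listed host;
// the URL constructor rejects anything that is not a well-formed absolute URL.
function iframeSrcAllowed(src) {
  let u;
  try { u = new URL(src); } catch (e) { return false; }
  return (u.protocol === 'https:' || u.protocol === 'http:') &&
    ALLOWED_IFRAME_HOSTNAMES.has(u.hostname);
}
```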
