How to use the sanitize-html.simpleTransform function in sanitize-html


Example: jupyterlab/jupyterlab — packages/apputils/src/sanitizer.ts
visibility: [CssProp.VISIBILITY],
        volume: [CssProp.VOLUME],
        'white-space': [CssProp.WHITE_SPACE],
        width: [CssProp.WIDTH],
        'word-break': [CssProp.WORD_BREAK],
        'word-spacing': [CssProp.WORD_SPACING],
        'word-wrap': [CssProp.WORD_WRAP],
        'z-index': [CssProp.Z_INDEX],
        zoom: [CssProp.ZOOM]
      }
    },
    transformTags: {
      // Set the "rel" attribute for <a> tags to "nofollow".
      a: sanitize.simpleTransform('a', { rel: 'nofollow' }),
      // Set the "disabled" attribute for <input> tags.
      input: sanitize.simpleTransform('input', { disabled: 'disabled' })
    },
    allowedSchemesByTag: {
      // Allow 'attachment:' img src (used for markdown cell attachments).
      img: sanitize.defaults.allowedSchemes.concat(['attachment'])
    },
    // Override of the default option, so we can skip 'src' attribute validation.
    // 'src' Attributes are validated to be URIs, which does not allow for embedded (image) data.
    // Since embedded data is no longer deemed to be a threat, validation can be skipped.
    // See https://github.com/jupyterlab/jupyterlab/issues/5183
    allowedSchemesAppliedToAttributes: ['href', 'cite']
  };
}

/**
 * The default instance of an `ISanitizer` meant for use by user code.
 */
Example: vector-im/riot-web — src/HtmlUtils.js
// custom ones first:
        font: [ 'color' ], // custom to matrix
        a: [ 'href', 'name', 'target' ], // remote target: custom to matrix
        // We don't currently allow img itself by default, but this
        // would make sense if we did
        img: [ 'src' ],
    },
    // Lots of these won't come up by default because we don't allow them
    selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
    // URL schemes we permit
    allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
    allowedSchemesByTag: {},
    
    transformTags: { // custom to matrix
        // add blank targets to all hyperlinks
        'a': sanitizeHtml.simpleTransform('a', { target: '_blank'} )
    },
};

module.exports = {
    bodyToHtml: function(content, searchTerm) {
        var originalBody = content.body;
        var body;

        if (searchTerm) {
            var lastOffset = 0;
            var bodyList = [];
            var k = 0;
            var offset;

            // XXX: rather than searching for the search term in the body,
            // we should be looking at the match delimiters returned by the FTS engine
Example: Mewte/InstaSync — web/app.js
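/**
 * Sanitize user-supplied room-info HTML with the sanitize-html defaults, forcing
 * every surviving <a> to open in a new tab.
 *
 * Fix: the original transform set `target="_blank"` without a `rel` attribute,
 * leaving the opened page able to reach back into this one via `window.opener`
 * (reverse tabnabbing) in browsers that do not default to noopener. The transform
 * now also sets `rel="noopener noreferrer"`. Because sanitize-html filters the
 * transformed attributes against `allowedAttributes`, `rel` must be added to the
 * default allow-list for <a> or it would be stripped again.
 *
 * @param {string} dirty  Untrusted HTML fragment.
 * @returns {string}      Sanitized HTML.
 */
app.locals.sanitizeRoomInfo = function(dirty){
	return sanitizeHtml(dirty,{
		// Keep the library defaults for every tag; only extend <a> with "rel".
		allowedAttributes: Object.assign({}, sanitizeHtml.defaults.allowedAttributes, {
			a: sanitizeHtml.defaults.allowedAttributes.a.concat(['rel'])
		}),
		transformTags: {
			// simpleTransform merges by default, so existing href/name survive.
			'a': sanitizeHtml.simpleTransform('a', {target: '_blank', rel: 'noopener noreferrer'}),
		}
	});
};
module.exports = app;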
Example: pietrop/fact2_transcription_editor — src/lib/clean_html/index.js
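/**
 * Reduce an untrusted HTML fragment to a small allow-list of inline/paragraph
 * tags, rewriting <div> to <p>.
 *
 * Fix: 'wordnoTimeCode' appeared twice in the <span> attribute allow-list; the
 * duplicate is removed (membership checks are unaffected).
 *
 * Only <span> has any allowed attributes, so e.g. <a href> loses its href and
 * becomes plain text in a tag — presumably intended for a transcript editor.
 *
 * NOTE(review): htmlparser2, which sanitize-html parses with, lower-cases
 * attribute names by default; the camelCase entries below ('speakerLabel',
 * 'contentEditable', …) may therefore never match and would be stripped.
 * Confirm against the sanitize-html/htmlparser2 versions in use.
 *
 * @param {string} dirty  Untrusted HTML.
 * @returns {string}      Sanitized HTML.
 */
function cleanHTML(dirty) {
    return sanitizeHtml(dirty, {
        allowedTags: [ 'b', 'i', 'em', 'strong', 'a', 'p', 'span', 'br' ],
        transformTags: {
            // <div> blocks become paragraphs rather than being dropped.
            'div': sanitizeHtml.simpleTransform('p'),
        },
        allowedAttributes: {
            'span': [
                'class',
                'speakerLabel',
                'confidenceScore4',
                'sectionHeader',
                'wordnoTimeCode',
                'editableSection',
                'confidenceScore3',
                'confidenceScore2',
                'contentEditable',
                'data-*'
            ]
        }
    });
}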
Example: oTranscribe/oTranscribe — src/js/app/clean-html.js
/**
 * Strip an untrusted HTML fragment down to a handful of formatting tags,
 * converting <div> into <p> along the way.
 *
 * Only <span> keeps any attributes; every other allowed tag (including <a>)
 * is emitted bare.
 *
 * NOTE(review): sanitize-html's parser lower-cases attribute names by default,
 * so 'contentEditable' may need to be listed as 'contenteditable' to match —
 * confirm with the library version in use.
 *
 * @param {string} dirty  Untrusted HTML.
 * @returns {string}      Sanitized HTML.
 */
export function cleanHTML(dirty) {
    const options = {
        allowedTags: [ 'b', 'i', 'em', 'strong', 'a', 'p', 'span', 'br' ],
        transformTags: {
            'div': sanitizeHtml.simpleTransform('p'),
        },
        allowedAttributes: {
            'span': [ 'class', 'data-timestamp', 'contentEditable' ]
        }
    };
    return sanitizeHtml(dirty, options);
}
Example: gbif/portal16 — app/helpers/format.js
/**
 * Add `class="table"` to every <table> in an HTML string.
 *
 * sanitize-html is used here purely as a tag rewriter: with both `allowedTags`
 * and `allowedAttributes` set to `false` the library's filtering is switched
 * off, so every tag and attribute in `raw` passes through unchanged. This
 * function therefore does not sanitize its input; callers must treat the result
 * as exactly as trusted as `raw`.
 *
 * @param {string} [raw]  HTML to decorate; a falsy value is treated as ''.
 * @returns {string}      The same HTML with the table class applied.
 */
function addPortalClasses(raw) {
    const input = raw || '';
    const options = {
        allowedTags: false,        // no tag filtering
        allowedAttributes: false,  // no attribute filtering
        transformTags: {
            'table': sanitizeHtml.simpleTransform('table', {class: 'table'})
        }
    };
    return sanitizeHtml(input, options);
}
Example: metaspace2020/metaspace — metaspace/webapp/src/lib/sanitizeIt.ts
/**
 * Sanitize a user-written description for display.
 *
 * Keeps a fixed set of block/inline formatting tags, allows only `href` and
 * `rel` on links, and forces every link to carry
 * `rel="nofollow noopener noreferrer"`. The URL schemes accepted for `href`
 * are the sanitize-html defaults (not overridden here).
 *
 * @param descriptionText Untrusted HTML.
 * @returns Sanitized HTML.
 */
export default function sanitizeIt(descriptionText: string): string {
  const allowedTags = [
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
    'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
    'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'del',
  ];
  // `rel` must be in the allow-list or the transform's value would be stripped.
  const allowedAttributes = { a: ['href', 'rel'] };
  const transformTags = {
    a: sanitizeHtml.simpleTransform('a', { rel: 'nofollow noopener noreferrer' }),
  };
  return sanitizeHtml(descriptionText, { allowedTags, allowedAttributes, transformTags });
}
Example: openshift/console — frontend/public/components/cloud-services/markdown-view.tsx
/**
 * Render Markdown to HTML and sanitize the result.
 *
 * The converter is configured to open links in a new window, so the sanitizer
 * only lets `href`, `target` and `rel` through on <a>, restricts `href` to
 * http/https/mailto, and forces `rel="noopener noreferrer"` on every link
 * (the `true` merge flag keeps the converter's other attributes) so the
 * opened page cannot reach back through `window.opener`.
 *
 * @param markdown Markdown source (may be untrusted).
 * @returns Sanitized HTML.
 */
const markdownConvert = (markdown) => {
  const converter = new Converter({
    openLinksInNewWindow: true,
    strikethrough: true,
    emoji: true,
  });
  const unsafeHtml = converter.makeHtml(markdown);

  const sanitizeOptions = {
    allowedTags: ['b', 'i', 'strike', 's', 'del', 'em', 'strong', 'a', 'p', 'h1', 'h2', 'h3', 'h4', 'ul', 'ol', 'li', 'code', 'pre'],
    allowedAttributes: {
      'a': ['href', 'target', 'rel'],
    },
    allowedSchemes: ['http', 'https', 'mailto'],
    transformTags: {
      'a': sanitizeHtml.simpleTransform('a', {rel: 'noopener noreferrer'}, true),
    },
  };
  return sanitizeHtml(unsafeHtml, sanitizeOptions);
};

sanitize-html

Clean up user-submitted HTML, preserving allowlisted elements and allowlisted attributes on a per-element basis

MIT