Simple whitelist-based html sanitizer inspired by the SanitizationFilter
in GitHub's html-pipeline library.
Works in node (through cheerio) and in the browser (through jquery), and weighs in ~ 2kb minimized.
var cockblock = require("cockblock");
cockblock(html[, options]); // Returns sanitized html
cockblock.url(url[, options]); // Returns sanitized url
In the browser, just include jquery and cockblock.js:
<script src="path/to/jquery.js" type="text/javascript"></script>
<script src="path/to/cockblock.js" type="text/javascript"></script>
The library comes with a sensible set of defaults. You can override them
through cockblock.defaults
or simply pass the options inline.
// Simplified example that only permits <a>, <em> and <strong> elements.
// Titles are permitted on all elements and links can also include href.
// Only absolute http(s) links are permitted.
cockblock.defaults = {
elements: ["a", "em", "strong"],
attributes: {
"a": ["href"],
"all": ["title"]
},
protocols: /^(http|https)/i
};
See lib/cockblock.js for the default set of allowed elements, attributes, and supported protocols.
Want to contribute? Great! Open an issue if you've found a bug, and pull requests are always welcome.
git clone https://github.com/kumu/cockblock && cd cockblock
npm install -g mocha
npm install
make test # run tests within console / cheerio
make test-browser # run tests within browser / jquery