UNPKG

rehype-sanitize/readme.md

Version:

2.21 kBMarkdownView Raw

1# rehype-sanitize [![Build Status][travis-badge]][travis] [![Coverage Status][codecov-badge]][codecov]
2
3Sanitise HTML with [**rehype**][rehype].
4
5## Installation
6
7[npm][]:
8
9```bash
10npm install rehype-sanitize
11```
12
13## Usage
14
15Say we have the following file, `index.html`:
16
17```html
18<div onmouseover="alert('alpha')">
19  <a href="jAva script:alert('bravo')">delta</a>
20  <img src="x" onerror="alert('charlie')">
21  <iframe src="javascript:alert('delta')"></iframe>
22  <math>
23    <mi xlink:href="data:x,<script>alert('echo')</script>"></mi>
24  </math>
25</div>
26<script>
27require('child_process').spawn('rm', ['-r', '-f', process.env.HOME]);
28</script>
29```
30
31And our script, `example.js`, looks as follows:
32
33```javascript
34var fs = require('fs');
35var rehype = require('rehype');
36var merge = require('deepmerge');
37var gh = require('hast-util-sanitize/lib/github');
38var sanitize = require('rehype-sanitize');
39
40var schema = merge(gh, {tagNames: ['math', 'mi']});
41
42rehype()
43  .data('settings', {fragment: true})
44  .use(sanitize, schema)
45  .process(fs.readFileSync('index.html'), function (err, file) {
46    if (err) throw err;
47    console.log(String(file));
48  });
49```
50
51Now, running `node example` yields:
52
53```html
54<div>
55  <a>delta</a>
56  <img src="x">
57
58  <math>
59    <mi></mi>
60  </math>
61</div>
62```
63
64## API
65
66### `rehype().use(sanitize[, schema])`
67
68Remove potentially dangerous things from HTML.
69
70###### `schema`
71
72The sanitation schema defines how and if nodes and properties should
73be cleaned.  The schema is documented in [`hast-util-sanitize`][schema].
74
75## Related
76
77*   [`hast-util-sanitize`](https://github.com/wooorm/hast-util-sanitize)
78    — Core utility that does the sanitation
79
80## License
81
82[MIT][license] © [Titus Wormer][author]
83
84<!-- Definitions -->
85
86[travis-badge]: https://img.shields.io/travis/wooorm/rehype-sanitize.svg
87
88[travis]: https://travis-ci.org/wooorm/rehype-sanitize
89
90[codecov-badge]: https://img.shields.io/codecov/c/github/wooorm/rehype-sanitize.svg
91
92[codecov]: https://codecov.io/github/wooorm/rehype-sanitize
93
94[npm]: https://docs.npmjs.com/cli/install
95
96[license]: LICENSE
97
98[author]: http://wooorm.com
99
100[rehype]: https://github.com/wooorm/rehype
101
102[schema]: https://github.com/wooorm/hast-util-sanitize#schema

1	`# rehype-sanitize [![Build Status][travis-badge]][travis] [![Coverage Status][codecov-badge]][codecov]`
2
3	`Sanitise HTML with [rehype][rehype].`
4
5	`## Installation`
6
7	`[npm][]:`
8
9	```bash
10	`npm install rehype-sanitize`
11	```
12
13	`## Usage`
14
15	Say we have the following file, `index.html`:
16
17	```html
18	`<div onmouseover="alert('alpha')">`
19	`<a href="jAva script:alert('bravo')">delta</a>`
20	`<img src="x" onerror="alert('charlie')">`
21	`<iframe src="javascript:alert('delta')"></iframe>`
22	`<math>`
23	`<mi xlink:href="data:x,<script>alert('echo')</script>"></mi>`
24	`</math>`
25	`</div>`
26	`<script>`
27	`require('child_process').spawn('rm', ['-r', '-f', process.env.HOME]);`
28	`</script>`
29	```
30
31	And our script, `example.js`, looks as follows:
32
33	```javascript
34	`var fs = require('fs');`
35	`var rehype = require('rehype');`
36	`var merge = require('deepmerge');`
37	`var gh = require('hast-util-sanitize/lib/github');`
38	`var sanitize = require('rehype-sanitize');`
39
40	`var schema = merge(gh, {tagNames: ['math', 'mi']});`
41
42	`rehype()`
43	`.data('settings', {fragment: true})`
44	`.use(sanitize, schema)`
45	`.process(fs.readFileSync('index.html'), function (err, file) {`
46	`if (err) throw err;`
47	`console.log(String(file));`
48	`});`
49	```
50
51	Now, running `node example` yields:
52
53	```html
54	`<div>`
55	`<a>delta</a>`
56	`<img src="x">`
57
58	`<math>`
59	`<mi></mi>`
60	`</math>`
61	`</div>`
62	```
63
64	`## API`
65
66	### `rehype().use(sanitize[, schema])`
67
68	`Remove potentially dangerous things from HTML.`
69
70	###### `schema`
71
72	`The sanitation schema defines how and if nodes and properties should`
73	be cleaned. The schema is documented in [`hast-util-sanitize`][schema].
74
75	`## Related`
76
77	* [`hast-util-sanitize`](https://github.com/wooorm/hast-util-sanitize)
78	`— Core utility that does the sanitation`
79
80	`## License`
81
82	`[MIT][license] © [Titus Wormer][author]`
83
84	`<!-- Definitions -->`
85
86	`[travis-badge]: https://img.shields.io/travis/wooorm/rehype-sanitize.svg`
87
88	`[travis]: https://travis-ci.org/wooorm/rehype-sanitize`
89
90	`[codecov-badge]: https://img.shields.io/codecov/c/github/wooorm/rehype-sanitize.svg`
91
92	`[codecov]: https://codecov.io/github/wooorm/rehype-sanitize`
93
94	`[npm]: https://docs.npmjs.com/cli/install`
95
96	`[license]: LICENSE`
97
98	`[author]: http://wooorm.com`
99
100	`[rehype]: https://github.com/wooorm/rehype`
101
102	`[schema]: https://github.com/wooorm/hast-util-sanitize#schema`