# rehype-sanitize

[![Build][build-badge]][build]
[![Coverage][coverage-badge]][coverage]
[![Downloads][downloads-badge]][downloads]
[![Chat][chat-badge]][chat]

Sanitise HTML with [**rehype**][rehype].

## Installation

[npm][]:

```bash
npm install rehype-sanitize
```

## Usage

Say we have the following file, `index.html`:

```html
<div onmouseover="alert('alpha')">
<a href="jAva script:alert('bravo')">delta</a>
<img src="x" onerror="alert('charlie')">
<iframe src="javascript:alert('delta')"></iframe>
<math>
<mi xlink:href="data:x,<script>alert('echo')</script>"></mi>
</math>
</div>
<script>
require('child_process').spawn('rm', ['-r', '-f', process.env.HOME]);
</script>
```

And our script, `example.js`, looks as follows:

```javascript
var fs = require('fs')
var rehype = require('rehype')
var merge = require('deepmerge')
var gh = require('hast-util-sanitize/lib/github')
var sanitize = require('rehype-sanitize')

// Extend GitHub's allowlist schema: deepmerge concatenates arrays, so
// `math` and `mi` are added to the allowed tag names rather than replacing them.
var schema = merge(gh, {tagNames: ['math', 'mi']})

rehype()
  .data('settings', {fragment: true}) // parse as a fragment, not a whole document
  .use(sanitize, schema)
  .process(fs.readFileSync('index.html'), function(err, file) {
    if (err) throw err
    console.log(String(file))
  })
```

Now, running `node example` yields:

```html
<div>
<a>delta</a>
<img src="x">

<math>
<mi></mi>
</math>
</div>
```

## API

### `rehype().use(sanitize[, schema])`

Remove potentially dangerous things from HTML.

###### `schema`

The sanitation schema defines whether and how nodes and properties are
cleaned. The schema is documented in [`hast-util-sanitize`][schema].
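To make the schema's semantics concrete, here is an added illustration, not code from rehype-sanitize or hast-util-sanitize: a minimal sanitizer that applies a schema of the documented shape (`tagNames`, `attributes`, `protocols`, `strip`) to a hast-like tree constructed from the README's `index.html`. The unwrapping of disallowed elements, the whole-subtree removal for `strip` and the case-insensitive scheme check are simplified assumptions about the library's documented behaviour.

```javascript
// Added illustration (not rehype-sanitize's or hast-util-sanitize's own code): a minimal
// allowlist sanitizer over a hast-like tree using the same schema shape the real schema
// documents (tagNames, attributes, protocols, strip); clobber, ancestors, required omitted.
const schema = {
  tagNames: ['div', 'a', 'img', 'math', 'mi'],
  attributes: {a: ['href'], img: ['src'], '*': ['className']},
  protocols: {href: ['http', 'https', 'mailto'], src: ['http', 'https']},
  strip: ['script'] // removed with their content; other disallowed tags are unwrapped
}

// Relative URLs pass; otherwise the scheme before the first colon must be allowlisted.
// A colon after '/', '?' or '#' belongs to the path, query or fragment, not a scheme.
function protocolAllowed(value, allowed) {
  const v = String(value)
  const colon = v.indexOf(':')
  if (colon < 0) return true
  for (const ch of ['/', '?', '#']) {
    const i = v.indexOf(ch)
    if (i > -1 && i < colon) return true
  }
  return allowed.includes(v.slice(0, colon).toLowerCase())
}

// Replacement for `node`: [] if dropped, [clean node] if kept, its sanitized children if unwrapped.
function sanitize(node, schema) {
  const kids = (list) => (list || []).flatMap((child) => sanitize(child, schema))
  if (node.type === 'text') return [node]
  if (node.type === 'root') return [{type: 'root', children: kids(node.children)}]
  if (node.type !== 'element') return [] // comments, doctypes and unknown nodes
  if (schema.strip.includes(node.tagName)) return []
  if (!schema.tagNames.includes(node.tagName)) return kids(node.children)
  const allowed = [...(schema.attributes['*'] || []), ...(schema.attributes[node.tagName] || [])]
  const properties = {}
  for (const [name, value] of Object.entries(node.properties || {})) {
    if (!allowed.includes(name)) continue // drops onMouseOver, onError, xlink:href, ...
    if (schema.protocols[name] && !protocolAllowed(value, schema.protocols[name])) continue
    properties[name] = value
  }
  return [{type: 'element', tagName: node.tagName, properties, children: kids(node.children)}]
}
// Constructed input mirroring the README's index.html (hast uses camelCase property names).
const input = {type: 'root', children: [
  {type: 'element', tagName: 'div', properties: {onMouseOver: "alert('alpha')"}, children: [
    {type: 'element', tagName: 'a', properties: {href: "jAva script:alert('bravo')"}, children: [{type: 'text', value: 'delta'}]},
    {type: 'element', tagName: 'img', properties: {src: 'x', onError: "alert('charlie')"}, children: []},
    {type: 'element', tagName: 'iframe', properties: {src: "javascript:alert('delta')"}, children: []}
  ]},
  {type: 'element', tagName: 'script', properties: {}, children: [{type: 'text', value: 'rm -rf ~'}]}
]}
const output = sanitize(input, schema)[0] // only <div><a>delta</a><img src="x"></div> survives
```

Extending `tagNames` alone never adds attributes: an allowed `<mi>` still loses `xlink:href` unless `attributes` (and, for URL-valued properties, `protocols`) permit it, which is exactly why the README's output shows an empty `<mi></mi>`.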

## Related

* [`hast-util-sanitize`](https://github.com/syntax-tree/hast-util-sanitize)
  — Core utility that does the sanitation

## Contribute

See [`contributing.md` in `rehypejs/rehype`][contribute] for ways to get
started.

This organisation has a [Code of Conduct][coc]. By interacting with this
repository, organisation, or community you agree to abide by its terms.

## License

[MIT][license] © [Titus Wormer][author]

[build-badge]: https://img.shields.io/travis/rehypejs/rehype-sanitize.svg
[build]: https://travis-ci.org/rehypejs/rehype-sanitize
[coverage-badge]: https://img.shields.io/codecov/c/github/rehypejs/rehype-sanitize.svg
[coverage]: https://codecov.io/github/rehypejs/rehype-sanitize
[downloads-badge]: https://img.shields.io/npm/dm/rehype-sanitize.svg
[downloads]: https://www.npmjs.com/package/rehype-sanitize
[chat-badge]: https://img.shields.io/badge/join%20the%20community-on%20spectrum-7b16ff.svg
[chat]: https://spectrum.chat/unified/rehype
[npm]: https://docs.npmjs.com/cli/install
[license]: license
[author]: https://wooorm.com
[rehype]: https://github.com/rehypejs/rehype
[schema]: https://github.com/syntax-tree/hast-util-sanitize#schema
[contribute]: https://github.com/rehypejs/rehype/blob/master/contributing.md
[coc]: https://github.com/rehypejs/rehype/blob/master/code-of-conduct.md