UNPKG

rehype-sanitize/readme.md

Version:

3.61 kBMarkdownView Raw

1# rehype-sanitize
2
3[![Build][build-badge]][build]
4[![Coverage][coverage-badge]][coverage]
5[![Downloads][downloads-badge]][downloads]
6[![Size][size-badge]][size]
7[![Sponsors][sponsors-badge]][collective]
8[![Backers][backers-badge]][collective]
9[![Chat][chat-badge]][chat]
10
11[**rehype**][rehype] plugin to sanitise HTML.
12
13## Install
14
15[npm][]:
16
17```sh
18npm install rehype-sanitize
19```
20
21## Use
22
23Say we have the following file, `index.html`:
24
25```html
26<div onmouseover="alert('alpha')">
27  <a href="jAva script:alert('bravo')">delta</a>
28  <img src="x" onerror="alert('charlie')">
29  <iframe src="javascript:alert('delta')"></iframe>
30  <math>
31    <mi xlink:href="data:x,<script>alert('echo')</script>"></mi>
32  </math>
33</div>
34<script>
35require('child_process').spawn('rm', ['-r', '-f', process.env.HOME]);
36</script>
37```
38
39And our script, `example.js`, looks as follows:
40
41```js
42var fs = require('fs')
43var rehype = require('rehype')
44var merge = require('deepmerge')
45var gh = require('hast-util-sanitize/lib/github')
46var sanitize = require('rehype-sanitize')
47
48var schema = merge(gh, {tagNames: ['math', 'mi']})
49
50rehype()
51  .data('settings', {fragment: true})
52  .use(sanitize, schema)
53  .process(fs.readFileSync('index.html'), function(err, file) {
54    if (err) throw err
55    console.log(String(file))
56  })
57```
58
59Now, running `node example` yields:
60
61```html
62<div>
63  <a>delta</a>
64  <img src="x">
65
66  <math>
67    <mi></mi>
68  </math>
69</div>
70```
71
72## API
73
74### `rehype().use(sanitize[, schema])`
75
76Remove potentially dangerous things from HTML, or more correct: keep only safe
77the things in a document.
78
79###### `schema`
80
81The sanitation schema defines how and if nodes and properties should be cleaned.
82The schema is documented in [`hast-util-sanitize`][schema].
83
84## Related
85
86*   [`hast-util-sanitize`](https://github.com/syntax-tree/hast-util-sanitize)
87    — Core utility that does the sanitation
88
89## Contribute
90
91See [`contributing.md`][contributing] in [`rehypejs/.github`][health] for ways
92to get started.
93See [`support.md`][support] for ways to get help.
94
95This project has a [Code of Conduct][coc].
96By interacting with this repository, organisation, or community you agree to
97abide by its terms.
98
99## License
100
101[MIT][license] © [Titus Wormer][author]
102
103<!-- Definitions -->
104
105[build-badge]: https://img.shields.io/travis/rehypejs/rehype-sanitize.svg
106
107[build]: https://travis-ci.org/rehypejs/rehype-sanitize
108
109[coverage-badge]: https://img.shields.io/codecov/c/github/rehypejs/rehype-sanitize.svg
110
111[coverage]: https://codecov.io/github/rehypejs/rehype-sanitize
112
113[downloads-badge]: https://img.shields.io/npm/dm/rehype-sanitize.svg
114
115[downloads]: https://www.npmjs.com/package/rehype-sanitize
116
117[size-badge]: https://img.shields.io/bundlephobia/minzip/rehype-sanitize.svg
118
119[size]: https://bundlephobia.com/result?p=rehype-sanitize
120
121[sponsors-badge]: https://opencollective.com/unified/sponsors/badge.svg
122
123[backers-badge]: https://opencollective.com/unified/backers/badge.svg
124
125[collective]: https://opencollective.com/unified
126
127[chat-badge]: https://img.shields.io/badge/join%20the%20community-on%20spectrum-7b16ff.svg
128
129[chat]: https://spectrum.chat/unified/rehype
130
131[npm]: https://docs.npmjs.com/cli/install
132
133[health]: https://github.com/rehypejs/.github
134
135[contributing]: https://github.com/rehypejs/.github/blob/master/contributing.md
136
137[support]: https://github.com/rehypejs/.github/blob/master/support.md
138
139[coc]: https://github.com/rehypejs/.github/blob/master/code-of-conduct.md
140
141[license]: license
142
143[author]: https://wooorm.com
144
145[rehype]: https://github.com/rehypejs/rehype
146
147[schema]: https://github.com/syntax-tree/hast-util-sanitize#schema

1	`# rehype-sanitize`
2
3	`[![Build][build-badge]][build]`
4	`[![Coverage][coverage-badge]][coverage]`
5	`[![Downloads][downloads-badge]][downloads]`
6	`[![Size][size-badge]][size]`
7	`[![Sponsors][sponsors-badge]][collective]`
8	`[![Backers][backers-badge]][collective]`
9	`[![Chat][chat-badge]][chat]`
10
11	`[rehype][rehype] plugin to sanitise HTML.`
12
13	`## Install`
14
15	`[npm][]:`
16
17	```sh
18	`npm install rehype-sanitize`
19	```
20
21	`## Use`
22
23	Say we have the following file, `index.html`:
24
25	```html
26	`<div onmouseover="alert('alpha')">`
27	`<a href="jAva script:alert('bravo')">delta</a>`
28	`<img src="x" onerror="alert('charlie')">`
29	`<iframe src="javascript:alert('delta')"></iframe>`
30	`<math>`
31	`<mi xlink:href="data:x,<script>alert('echo')</script>"></mi>`
32	`</math>`
33	`</div>`
34	`<script>`
35	`require('child_process').spawn('rm', ['-r', '-f', process.env.HOME]);`
36	`</script>`
37	```
38
39	And our script, `example.js`, looks as follows:
40
41	```js
42	`var fs = require('fs')`
43	`var rehype = require('rehype')`
44	`var merge = require('deepmerge')`
45	`var gh = require('hast-util-sanitize/lib/github')`
46	`var sanitize = require('rehype-sanitize')`
47
48	`var schema = merge(gh, {tagNames: ['math', 'mi']})`
49
50	`rehype()`
51	`.data('settings', {fragment: true})`
52	`.use(sanitize, schema)`
53	`.process(fs.readFileSync('index.html'), function(err, file) {`
54	`if (err) throw err`
55	`console.log(String(file))`
56	`})`
57	```
58
59	Now, running `node example` yields:
60
61	```html
62	`<div>`
63	`<a>delta</a>`
64	`<img src="x">`
65
66	`<math>`
67	`<mi></mi>`
68	`</math>`
69	`</div>`
70	```
71
72	`## API`
73
74	### `rehype().use(sanitize[, schema])`
75
76	`Remove potentially dangerous things from HTML, or more correct: keep only safe`
77	`the things in a document.`
78
79	###### `schema`
80
81	`The sanitation schema defines how and if nodes and properties should be cleaned.`
82	The schema is documented in [`hast-util-sanitize`][schema].
83
84	`## Related`
85
86	* [`hast-util-sanitize`](https://github.com/syntax-tree/hast-util-sanitize)
87	`— Core utility that does the sanitation`
88
89	`## Contribute`
90
91	See [`contributing.md`][contributing] in [`rehypejs/.github`][health] for ways
92	`to get started.`
93	See [`support.md`][support] for ways to get help.
94
95	`This project has a [Code of Conduct][coc].`
96	`By interacting with this repository, organisation, or community you agree to`
97	`abide by its terms.`
98
99	`## License`
100
101	`[MIT][license] © [Titus Wormer][author]`
102
103	`<!-- Definitions -->`
104
105	`[build-badge]: https://img.shields.io/travis/rehypejs/rehype-sanitize.svg`
106
107	`[build]: https://travis-ci.org/rehypejs/rehype-sanitize`
108
109	`[coverage-badge]: https://img.shields.io/codecov/c/github/rehypejs/rehype-sanitize.svg`
110
111	`[coverage]: https://codecov.io/github/rehypejs/rehype-sanitize`
112
113	`[downloads-badge]: https://img.shields.io/npm/dm/rehype-sanitize.svg`
114
115	`[downloads]: https://www.npmjs.com/package/rehype-sanitize`
116
117	`[size-badge]: https://img.shields.io/bundlephobia/minzip/rehype-sanitize.svg`
118
119	`[size]: https://bundlephobia.com/result?p=rehype-sanitize`
120
121	`[sponsors-badge]: https://opencollective.com/unified/sponsors/badge.svg`
122
123	`[backers-badge]: https://opencollective.com/unified/backers/badge.svg`
124
125	`[collective]: https://opencollective.com/unified`
126
127	`[chat-badge]: https://img.shields.io/badge/join%20the%20community-on%20spectrum-7b16ff.svg`
128
129	`[chat]: https://spectrum.chat/unified/rehype`
130
131	`[npm]: https://docs.npmjs.com/cli/install`
132
133	`[health]: https://github.com/rehypejs/.github`
134
135	`[contributing]: https://github.com/rehypejs/.github/blob/master/contributing.md`
136
137	`[support]: https://github.com/rehypejs/.github/blob/master/support.md`
138
139	`[coc]: https://github.com/rehypejs/.github/blob/master/code-of-conduct.md`
140
141	`[license]: license`
142
143	`[author]: https://wooorm.com`
144
145	`[rehype]: https://github.com/rehypejs/rehype`
146
147	`[schema]: https://github.com/syntax-tree/hast-util-sanitize#schema`