cockblock

2.0.1 • Public • Published

cockblock

Simple whitelist-based html sanitizer inspired by the SanitizationFilter in GitHub's html-pipeline library.

Works in node (through cheerio) and in the browser (through jquery), and weighs in ~ 2kb minimized.

API

var cockblock = require("cockblock");
cockblock(html[, options]);     // Returns sanitized html
cockblock.url(url[, options]);  // Returns sanitized url

In the browser, just include jquery and cockblock.js:

<script src="path/to/jquery.js" type="text/javascript"></script>
<script src="path/to/cockblock.js" type="text/javascript"></script>

Options

The library comes with a sensible set of defaults. You can override them through cockblock.defaults or simply pass the options inline.

// Simplified example that only permits <a>, <em> and <strong> elements.
// Titles are permitted on all elements and links can also include href.
// Only absolute http(s) links are permitted.
cockblock.defaults = {
  elements: ["a", "em", "strong"],
 
  attributes: {
    "a": ["href"],
    "all": ["title"]
  },
 
  protocols: /^(http|https)/i
};

See lib/cockblock.js for the default set of allowed elements, attributes, and supported protocols.

Contributing

Want to contribute? Great! Open an issue if you've found a bug, and pull requests are always welcome.

git clone https://github.com/kumu/cockblock && cd cockblock
npm install -g mocha
npm install
make test          # run tests within console / cheerio
make test-browser  # run tests within browser / jquery

Package Sidebar

Install

npm i cockblock

Weekly Downloads

1

Version

2.0.1

License

MIT

Last publish

Collaborators

  • rymohr