cockblock
Simple whitelist-based HTML sanitizer inspired by the SanitizationFilter in GitHub's html-pipeline library.
Works in node (through cheerio) and in the browser (through jquery), and weighs in at ~2kb minimized.
API
var cockblock = ;
; // Returns sanitized html
cockblock; // Returns sanitized url
In the browser, just include jquery and cockblock.js:
<script src="path/to/jquery.js" type="text/javascript"></script>
<script src="path/to/cockblock.js" type="text/javascript"></script>
Options
The library comes with a sensible set of defaults. You can override them through cockblock.defaults or simply pass the options inline.
// Simplified example that only permits <a>, <em> and <strong> elements.
// Titles are permitted on all elements and links can also include href.
// Only absolute http(s) links are permitted.
cockblock.defaults = {
  elements: ["a", "em", "strong"],
  attributes: {
    "a": ["href"],
    "all": ["title"]
  },
  protocols: /^https?:\/\//i // pattern assumed from the comment above
};
See lib/cockblock.js for the default set of allowed elements, attributes, and supported protocols.
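As an added illustration (not cockblock's own code), the sketch below applies a policy shaped like the options above to a constructed tree of plain objects, showing how the element, attribute and protocol allowlists fail closed. The URL_ATTRS list, the own helper, the protocol pattern and the choice to keep the children of a dropped element are assumptions of this example.

```javascript
// Added example: policy in the shape of the options above, applied to a
// constructed tree of plain objects (no HTML parsing, no cheerio/jquery).
const policy = {
  elements: ["a", "em", "strong"],
  attributes: { a: ["href"], all: ["title"] },
  protocols: /^https?:\/\//i, // assumed pattern; must stay anchored with ^
};

const URL_ATTRS = ["href", "src"]; // assumption: attributes that carry URLs

// Own-property lookup so tag names like "constructor" never hit the prototype.
const own = (obj, key) =>
  Object.prototype.hasOwnProperty.call(obj, key) ? obj[key] : [];

function attributeAllowed(tag, name, value, p) {
  const allowed = own(p.attributes, tag).concat(own(p.attributes, "all"));
  if (!allowed.includes(name)) return false;
  // URL values must match the allowlist; anything else fails closed.
  return !URL_ATTRS.includes(name) || p.protocols.test(String(value));
}

// Returns an array of sanitized nodes. Text nodes are strings. A disallowed
// element is dropped and its children are kept (a choice made for this sketch).
function sanitizeNode(node, p) {
  if (typeof node === "string") return [node];
  const tag = String(node.tag).toLowerCase();
  const children = (node.children || []).flatMap((c) => sanitizeNode(c, p));
  if (!p.elements.includes(tag)) return children;
  const attrs = {};
  for (const [name, value] of Object.entries(node.attrs || {})) {
    const key = name.toLowerCase();
    if (attributeAllowed(tag, key, value, p)) attrs[key] = value;
  }
  return [{ tag, attrs, children }];
}

// Constructed input: a <div> wrapping two links.
const input = { tag: "div", attrs: { onclick: "x()" }, children: [
  { tag: "A", attrs: { href: "javascript:void('http://')", title: "t" },
    children: ["one"] },
  { tag: "a", attrs: { HREF: "HTTPS://example.com/", style: "color:red" },
    children: [{ tag: "span", children: [{ tag: "em", children: ["two"] }] }] },
]};

console.log(JSON.stringify(sanitizeNode(input, policy), null, 2));
```

The first link loses its href because the value does not start with an allowed scheme, even though it contains "http://" further in; an unanchored pattern would have accepted it.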
Contributing
Want to contribute? Great! Open an issue if you've found a bug, and pull requests are always welcome.
git clone https://github.com/kumu/cockblock && cd cockblock
npm install -g mocha
npm install
make test # run tests within console / cheerio
make test-browser # run tests within browser / jquery