graphql-html-sanitizer
Contains a GraphQL directive and a scalar type for sanitizing HTML in input fields and in field data returned to clients.
Installation
Install package
```sh
yarn add graphql-html-sanitizer  # TypeScript definitions are included
```
Add directive and/or scalar type to your graphql schema
your_schema.graphql
```graphql
directive @sanitizeHTML(
  allowedTags: [String]
  allowedIframeHostnames: [String]
  selfClosing: [String]
  allowedSchemes: [String]
  allowedSchemesAppliedToAttributes: [String]
) on FIELD_DEFINITION | INPUT_FIELD_DEFINITION

scalar SanitizedHTML

type PostUsingDirective {
  content: String @sanitizeHTML(allowedTags: ["p", "i", "b"])
}

type PostUsingScalar {
  content: SanitizedHTML # Removes all script injection by default and leaves safe HTML
}

type PostInput {
  content: String! @sanitizeHTML(allowedTags: ["p", "i", "b"])
}
```
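To make concrete what applying `@sanitizeHTML` to a field or input field means, here is an added example; it is not code from the graphql-html-sanitizer package. It implements a small allowlist-based sanitizer that takes the same option names the directive declares (`allowedTags`, `allowedSchemes`, `allowedSchemesAppliedToAttributes`, `selfClosing`), and wraps a resolver the way the directive would on `FIELD_DEFINITION` and on `INPUT_FIELD_DEFINITION`. The assumptions are mine: that the directive's arguments are forwarded unchanged as sanitizer options, the default option values, and the attribute allowlist (`ALLOWED_ATTRIBUTES`); the helper names (`sanitizeHtml`, `withSanitizedField`, `sanitizeInputField`) and the sample content are constructed for this example.

```javascript
// Added example, not the package's own code. A toy allowlist sanitizer using the
// option names from the schema above, plus resolver/input wrappers that show what
// the directive does on FIELD_DEFINITION and INPUT_FIELD_DEFINITION.

// Assumed defaults: only a handful of formatting tags, http/https/mailto links.
const DEFAULT_OPTIONS = {
  allowedTags: ["p", "i", "b", "a", "ul", "ol", "li", "br"],
  allowedSchemes: ["http", "https", "mailto"],
  allowedSchemesAppliedToAttributes: ["href", "src"],
  selfClosing: ["br", "img"],
  allowedIframeHostnames: [], // iframe is not in the default tag list, so unused here
};
// Attributes kept on allowed tags (assumption for this example). Anything else,
// including every on* event handler and style, is dropped.
const ALLOWED_ATTRIBUTES = new Set(["href", "src", "title", "alt"]);

// True if the URL is relative or its scheme is allowlisted. Control characters and
// whitespace are removed first, because browsers ignore them when they parse the
// scheme (so "java\tscript:" must be treated as "javascript:").
function hasAllowedScheme(value, allowedSchemes) {
  const compact = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const m = /^([a-z][a-z0-9+.-]*):/.exec(compact);
  return m === null || allowedSchemes.includes(m[1]);
}

// Re-emit only allowlisted attributes, with URL attributes scheme-checked.
function sanitizeAttributes(raw, opts) {
  const attrRe = /([a-zA-Z_:][-a-zA-Z0-9_:.]*)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+))?/g;
  const kept = [];
  let m;
  while ((m = attrRe.exec(raw)) !== null) {
    const name = m[1].toLowerCase();
    if (!ALLOWED_ATTRIBUTES.has(name)) continue;
    const value = (m[2] || "").replace(/^["']|["']$/g, "");
    if (opts.allowedSchemesAppliedToAttributes.includes(name) &&
        !hasAllowedScheme(value, opts.allowedSchemes)) continue;
    kept.push(` ${name}="${value.replace(/"/g, "&quot;")}"`);
  }
  return kept.join("");
}

function sanitizeHtml(html, options = {}) {
  const opts = { ...DEFAULT_OPTIONS, ...options };
  const allowed = new Set(opts.allowedTags.map((t) => t.toLowerCase()));
  const selfClosing = new Set(opts.selfClosing.map((t) => t.toLowerCase()));
  // 1. script/style elements go away together with their text content; for every
  //    other disallowed tag only the tag is removed and its text is kept.
  let out = html.replace(/<(script|style)\b[^>]*>[\s\S]*?<\/\1\s*>/gi, "");
  // 2. Rewrite each remaining tag (toy parser: attribute values must not contain ">").
  out = out.replace(/<(\/?)([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g, (_, slash, name, rawAttrs) => {
    const tag = name.toLowerCase();
    if (!allowed.has(tag)) return "";
    if (slash) return selfClosing.has(tag) ? "" : `</${tag}>`;
    return `<${tag}${sanitizeAttributes(rawAttrs, opts)}${selfClosing.has(tag) ? " /" : ""}>`;
  });
  return out;
}

// Mirrors @sanitizeHTML on FIELD_DEFINITION: run the resolver, then sanitize its
// string result with the directive's arguments before it reaches the client.
function withSanitizedField(resolve, directiveArgs) {
  return (parent, args, context, info) => {
    const value = resolve(parent, args, context, info);
    return typeof value === "string" ? sanitizeHtml(value, directiveArgs) : value;
  };
}

// Mirrors @sanitizeHTML on INPUT_FIELD_DEFINITION: clean the argument on the way in,
// so whatever the mutation stores is already sanitized.
function sanitizeInputField(input, fieldName, directiveArgs) {
  return { ...input, [fieldName]: sanitizeHtml(input[fieldName], directiveArgs) };
}

// Constructed sample of hostile field data (test input, not taken from the page).
const SAMPLE_CONTENT =
  '<p onclick="alert(1)">Hi <b>there</b><script>alert(1)</script>' +
  '<a href="javascript:alert(1)">x</a><img src="x" onerror="alert(1)"></p>';

const postResolvers = {
  // Equivalent of: content: String @sanitizeHTML(allowedTags: ["p", "i", "b"])
  content: withSanitizedField((post) => post.content, { allowedTags: ["p", "i", "b"] }),
};

function demo() {
  return postResolvers.content({ content: SAMPLE_CONTENT }, {}, {}, {});
}

if (typeof require !== "undefined" && require.main === module) {
  console.log(demo()); // <p>Hi <b>there</b>x</p>
}
```

With `allowedTags: ["p", "i", "b"]` the event handler, the script element, the link and the image are all gone while the visible text survives, which is the behaviour the schema comment "removes all script injection by default and leaves safe html" promises. Widening `allowedTags` to include `a` is exactly where `allowedSchemes` matters: the tag is kept, but an `href` whose scheme is not allowlisted is dropped.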
Add to Apollo server