node package manager
Easy collaboration. Discover, share, and reuse code in your team. Create a free org »

sanitize-caja

Build Status

sanitize-caja

Sanitize HTML content using the Google Caja JsHtmlSanitizer and a set of basic assumptions, and a wrapper to make it all work in nodejs without global variable leaks and so on.

This is a slightly 'loosened' version of Caja's restrictions, to allow for things like images, links, and a few HTML5 elements.

api

sanitize(html: string) -> sanitized string

Sanitize a string of HTML content, returning a sanitized string.

install

npm install sanitize-caja

example

var sanitize = require('sanitize-caja');
 
document.write(sanitize(evilUserInput));

see also