striptags

An implementation of PHP's strip_tags in Node.js.

Features

Fast
Zero dependencies
100% test code coverage
No unsafe regular expressions

Installing

npm install striptags

Basic Usage

striptags(html, allowed_tags, tag_replacement);

Example

var striptags = require('striptags');
 
var html =
    '<a href="https://example.com">' +
        'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' +
    '</a>';
 
striptags(html);
striptags(html, '<strong>');
striptags(html, ['a']);
striptags(html, [], '\n');

Outputs:

'lorem ipsum dolor sit amet'

lorem ipsum <strong>dolor</strong> sit amet'

'<a href="https://example.com">lorem ipsum dolor sit amet</a>'

 
lorem ipsum
dolor
 sit amet

Streaming Mode

striptags can also operate in streaming mode. Simply call init_streaming_mode to get back a function that accepts HTML and outputs stripped HTML. State is saved between calls so that partial HTML can be safely passed in.

let stream_function = striptags.init_streaming_mode(
    allowed_tags,
    tag_replacement
);
 
let partial_text = stream_function(partial_html);
let more_text    = stream_function(more_html);

Check out test/striptags-test.js for a concrete example.

Tests

You can run tests (powered by mocha) locally via:

npm test

Generate test coverage (powered by istanbul) via :

npm run coverage

Doesn't use regular expressions

striptags does not use any regular expressions for stripping HTML tags.

Regular expressions are not capable of preventing all possible scripting attacks (see this). Here is a great StackOverflow answer regarding how strip_tags (when used without specifying allowableTags) is not vulnerable to scripting attacks.

striptags

striptags

Features

Installing

Basic Usage

Example

Streaming Mode

Tests

Doesn't use regular expressions

Use this within your firewall

Collaborators list

Stats

Try it out

Keywords

Dependencies

Dependents (170)