{"id":23826022,"url":"https://github.com/eperegrine/script_sanitizer.js","last_synced_at":"2026-04-12T12:41:00.422Z","repository":{"id":57356363,"uuid":"64014497","full_name":"eperegrine/script_sanitizer.js","owner":"eperegrine","description":"A simple npm library to remove script tags but keep other html","archived":false,"fork":false,"pushed_at":"2021-03-26T09:48:22.000Z","size":528,"stargazers_count":1,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-10T01:03:34.805Z","etag":null,"topics":["javascript","npm","npm-package","regex","script-sanitizer","security","security-tools","xss","xss-prevention"],"latest_commit_sha":null,"homepage":"https://www.npmjs.com/package/script_sanitize","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/eperegrine.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"License","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2016-07-23T12:07:20.000Z","updated_at":"2021-03-26T09:48:24.000Z","dependencies_parsed_at":"2022-09-11T07:00:42.907Z","dependency_job_id":null,"html_url":"https://github.com/eperegrine/script_sanitizer.js","commit_stats":null,"previous_names":["everlessdrop41/script_sanitizer.js"],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eperegrine%2Fscript_sanitizer.js","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eperegrine%2Fscript_sanitizer.js/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eperegrine%2Fscript_sanitizer.js/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/eperegrine%2Fscript_sanitizer.js/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/eperegrine","download_url":"https://codeload.github.com/eperegrine/script_sanitizer.js/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":240113943,"owners_count":19749829,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["javascript","npm","npm-package","regex","script-sanitizer","security","security-tools","xss","xss-prevention"],"created_at":"2025-01-02T12:14:11.650Z","updated_at":"2025-12-12T04:35:02.308Z","avatar_url":"https://github.com/eperegrine.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# script_sanitizer.js\nA simple npm library to remove script tags but keep other html\n\n[![npm](https://img.shields.io/npm/dt/script_sanitize.svg)](https://www.npmjs.com/package/script_sanitize)\n[![Build Status](https://travis-ci.org/eperegrine/script_sanitizer.js.svg?branch=master)](https://travis-ci.org/eperegrine/script_sanitizer.js)\n[![npm](https://img.shields.io/npm/v/script_sanitize.svg?maxAge=2592000)](https://www.npmjs.com/package/script_sanitize)\n[![npm](https://img.shields.io/npm/l/express.svg?maxAge=2592000)](https://www.npmjs.com/package/script_sanitize)\n\nInstallation\n===\n- NPM:  `npm install script_sanitize`\n- CDN:   https://cdn.rawgit.com/eperegrine/script_sanitizer.js/master/dist/script_sanitize.min.js\n- Repo:  dist/script_sanitize.js\n- Repo Minified:  dist/script_sanitize.min.js\n\nDocumention\n===========\nhttps://doclets.io/eperegrine/script_sanitizer.js/master\n\nUsage\n===\nIf on Node.js\n```js\nconst script_sanitize = require('../script_sanitize');\nvar sanitize = script_sanitize.sanitize;\n```\n\nIf on a website\n\n```html\n\u003cscript href=\"https://cdn.rawgit.com/eperegrine/script_sanitizer.js/master/dist/script_sanitize.min.js\"\u003e\u003c/script\u003e\n\u003cscript type=\"text/javascript\"\u003e\n  var sanitize = script_sanitize.sanitize;\n\u003c/script\u003e\n```\n\nThe method is defined as\n\n`sanitize(html, options (optional))`\n\nand can be used like so\n\n```js\nvar sanitized = sanitize(\"\u003ch1\u003eHello\u003c/h1\u003e\u003cscript\u003ealert('hi')\u003c/script\u003e\");\n//=\u003e \u003ch1\u003eHello\u003c/h1\u003e\n```\n\n```js\nvar sanitizedWithReplacment = sanitize(\"\u003ch1\u003eHello\u003c/h1\u003e\u003cscript\u003ealert('hi')\u003c/script\u003e\", { replacementText: \"no\" });\n//=\u003e \u003ch1\u003eHello\u003c/h1\u003eno\n```\n\nAttributes\n--\n\nThe default attributes are stored in an array which can be refrenced like:\n\n```js\nvar attrArray = script_sanitize.defaultAttributes;\n```\n\nand if you wanted to make an attribute exempt you could apply it like so\n\n[thanks stack overflow](https://stackoverflow.com/questions/5767325/how-do-i-remove-a-particular-element-from-an-array-in-javascript)\n\n```js\nvar newAttrArray = script_sanitize.defaultAttributes;\nvar exemptIndex = newAttrArray.indexOf(\"onclick\");\nnewAttrArray.splice(exmptIndex, 1);\nsanitize(\"[HTML STUFF]\", { attributes: newAttrArray });\n```\n\nThe options parameter\n--\n\n| Option              | Description                                                                             | Default Value     |\n|---------------------|-----------------------------------------------------------------------------------------|-------------------|\n| replacementText     | The text to replace the script tag with                                                 | \"\"                |\n| loop                | Whether to replace via looping or a single statement                                    | true              |\n| replaceEndTagsAfter | In certain cases the ending script tag is still there, this options ensures it won't be | true              |\n| tags                | The tags that should be replaced                                                        | [\"script\"]        |\n| attributes          | The attributes that should be replaced                                                  | defaultAttributes |\n\nUtils\n--\n| Util                      | Description                                     |\n|---------------------------|-------------------------------------------------|\n| isDefined                 | Checks if a variable is defined                 |\n| defaultFor                | Sets a default value if a variable is defined   |\n| generateRegexForTag       | Generates a regex object for a tag              |\n| generateRegexForEndTag    | Generates a regex object to check an end tag    |\n| generateRegexForAttribute | Generates a regex object to check an attribute  |\n\nLicense\n===\n[MIT](https://opensource.org/licenses/MIT)\n\nDisclaimer\n===\nThe code uses regex, which has been sourced from [here](http://stackoverflow.com/questions/6659351/removing-all-script-tags-from-html-with-js-regular-expression)\nThe regex is:\n`/\u003cscript\\b[^\u003c]*(?:(?!\u003c\\/script\u003e)\u003c[^\u003c]*)*\u003c\\/script\\s*\u003e/gi`\n\nAlthough this library will likely be used for security purposes I, the developer, am not responsible if this pacakge doesn't meet your security requirements so use with caution\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feperegrine%2Fscript_sanitizer.js","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Feperegrine%2Fscript_sanitizer.js","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Feperegrine%2Fscript_sanitizer.js/lists"}