{"id":13528343,"url":"https://github.com/ericnorris/striptags","last_synced_at":"2025-04-10T06:14:21.126Z","repository":{"id":18179531,"uuid":"21293722","full_name":"ericnorris/striptags","owner":"ericnorris","description":"An implementation of PHP's strip_tags in Typescript.","archived":false,"fork":false,"pushed_at":"2022-10-04T22:00:45.000Z","size":175,"stargazers_count":493,"open_issues_count":1,"forks_count":52,"subscribers_count":9,"default_branch":"main","last_synced_at":"2025-04-06T18:49:26.234Z","etag":null,"topics":["html","node","strip-tags","striptags","xss"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/ericnorris.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null}},"created_at":"2014-06-28T01:36:02.000Z","updated_at":"2025-03-31T13:31:57.000Z","dependencies_parsed_at":"2022-07-26T21:02:13.990Z","dependency_job_id":null,"html_url":"https://github.com/ericnorris/striptags","commit_stats":null,"previous_names":[],"tags_count":21,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericnorris%2Fstriptags","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericnorris%2Fstriptags/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericnorris%2Fstriptags/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/ericnorris%2Fstriptags/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/ericnorris","download_url":"https://codeload.github.com/ericnorris/striptags/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248166925,"owners_count":21058481,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["html","node","strip-tags","striptags","xss"],"created_at":"2024-08-01T06:02:26.731Z","updated_at":"2025-04-10T06:14:21.103Z","avatar_url":"https://github.com/ericnorris.png","language":"TypeScript","readme":"# striptags\n\nAn implementation of PHP's [strip_tags](https://www.php.net/manual/en/function.strip-tags.php) in Typescript.\n\n**Note:** this is a total rewrite from [v3](https://github.com/ericnorris/striptags/tree/v3.x.x), and as such, is currently in an alpha state. Feel free to use this during the alpha period and provide feedback before it is released as v4.\n\n## Highlights\n\n- No dependencies\n- Prevents XSS by default\n\n## Installing\n\n```\nnpm install striptags@alpha\n```\n\n## Basic Usage\n\n```typescript\nstriptags(text: string, options?: Partial\u003cStateMachineOptions\u003e): string;\n```\n\n### Examples\n\n```javascript\n// commonjs\nconst striptags = require(\"striptags\").striptags;\n\n// alternatively, as an es6 import\n// import { striptags } from \"striptags\";\n\nvar html = `\n\u003ca href=\"https://example.com\"\u003elorem ipsum \u003cstrong\u003edolor\u003c/strong\u003e \u003cem\u003esit\u003c/em\u003e amet\u003c/a\u003e\n`.trim();\n\nconsole.log(striptags(html));\nconsole.log(striptags(html, { allowedTags: new Set([\"strong\"]) }));\nconsole.log(striptags(html, { tagReplacementText: \"🍩\" }));\n```\n\nOutputs:\n\n```\nlorem ipsum dolor sit amet\nlorem ipsum \u003cstrong\u003edolor\u003c/strong\u003e sit amet\n🍩lorem ipsum 🍩dolor🍩 🍩sit🍩 amet🍩\n```\n\n## Advanced Usage\n\n```typescript\nclass StateMachine {\n    constructor(partialOptions?: Partial\u003cStateMachineOptions\u003e);\n    consume(text: string): string;\n}\n```\n\nThe `StateMachine` class is similar to the `striptags` function, but persists state across calls to `consume()` so that you may safely pass in a stream of text. For example:\n\n```javascript\n// commonjs\nconst StateMachine = require(\"striptags\").StateMachine;\n\n// alternatively, as an es6 import\n// import { StateMachine } from \"striptags\";\n\nconst instance = new StateMachine();\n\nconsole.log(instance.consume(\"some text with \u003ca\") + instance.consume(\"tag\u003eand more text\"));\n```\n\nOutputs:\n\n```\nsome text with and more text\n```\n\n## Safety\n\n`striptags` is safe to use by default; the output is guaranteed to be free of potential XSS vectors if used as text within a tag. **Specifying either `allowedTags` or `disallowedTags` in the options argument removes this guarantee**, however. For example, a malicious user may achieve XSS via an attribute in an allowed tag: `\u003cimg onload=\"alert(1);\"\u003e`.\n\nIn addition, `striptags` will automatically HTML encode `\u003c` and `\u003e` characters followed by whitespace. While most browsers tested treat `\u003c` or `\u003e` followed by whitespace as a non-tag string, it is safer to escape the characters. You may change this behavior via the `encodePlaintextTagDelimiters` option described below.\n\n## `Partial\u003cStateMachineOptions\u003e`\n\n**`allowedTags?: Set\u003cstring\u003e`**\n\nA set containing a list of tag names to allow (e.g. `new Set([\"tagname\"])`). Tags not in this list will be removed. This option takes precedence over the `disallowedTags` option.\n\nDefault: `undefined`\n\n**`disallowedTags?: Set\u003cstring\u003e`**\n\nA set containing a list of tag names to disallow ((e.g. `new Set([\"tagname\"])`). Tags not in this list will be allowed. Ignored if `allowedTags` is set.\n\nDefault: `undefined`\n\n**`tagReplacementText?: string`**\n\nA string to use as replacement text when a tag is found and not allowed.\n\nDefault: `\"\"`\n\n**`encodePlaintextTagDelimiters?: boolean`**\n\nSetting this option to true will cause `\u003c` and `\u003e` characters immediately followed by whitespace to be HTML encoded. This is safe to set to `false` if the output is expected to be used only as plaintext (i.e. it will not be displayed alongside other HTML).\n\nDefault: `true`\n","funding_links":[],"categories":["模块","TypeScript","Modules"],"sub_categories":["String"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fericnorris%2Fstriptags","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fericnorris%2Fstriptags","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fericnorris%2Fstriptags/lists"}