{"id":24983672,"url":"https://github.com/posthtml/posthtml-nonce","last_synced_at":"2025-03-29T10:12:38.025Z","repository":{"id":57328804,"uuid":"114001220","full_name":"posthtml/posthtml-nonce","owner":"posthtml","description":"A posthtml plugin create whitelist for specific inline scripts using a cryptographic nonce","archived":false,"fork":false,"pushed_at":"2019-03-15T07:00:57.000Z","size":283,"stargazers_count":3,"open_issues_count":2,"forks_count":0,"subscribers_count":3,"default_branch":"master","last_synced_at":"2024-10-29T21:06:06.583Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/posthtml.png","metadata":{"files":{"readme":"readme.md","changelog":"changelog.md","contributing":null,"funding":null,"license":"license","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-12-12T14:38:24.000Z","updated_at":"2020-05-03T23:40:06.000Z","dependencies_parsed_at":"2022-09-07T17:24:24.984Z","dependency_job_id":null,"html_url":"https://github.com/posthtml/posthtml-nonce","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/posthtml%2Fposthtml-nonce","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/posthtml%2Fposthtml-nonce/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/posthtml%2Fposthtml-nonce/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/posthtml%2Fposthtml-nonce/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/posthtml","download_url":"https://codeload.github.com/posthtml/posthtml-nonce/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246168110,"owners_count":20734390,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-02-04T09:20:16.322Z","updated_at":"2025-03-29T10:12:38.005Z","avatar_url":"https://github.com/posthtml.png","language":"JavaScript","readme":"# posthtml-nonce\n\n\u003e A posthtml plugin create whitelist for specific inline scripts,styles,images,media using a cryptographic nonce \n\n[![Travis Build Status](https://img.shields.io/travis/posthtml/posthtml-nonce.svg?style=flat-square\u0026label=unix)](https://travis-ci.org/posthtml/posthtml-nonce)[![node](https://img.shields.io/node/v/posthtml-nonce.svg?style=flat-square)]()[![npm version](https://img.shields.io/npm/v/posthtml-nonce.svg?style=flat-square)](https://www.npmjs.com/package/posthtml-nonce)[![Dependency Status](https://david-dm.org/posthtml/posthtml-nonce.svg?style=flat-square)](https://david-dm.org/posthtml/posthtml-nonce)[![XO code style](https://img.shields.io/badge/code_style-XO-5ed9c7.svg?style=flat-square)](https://github.com/sindresorhus/xo)[![Coveralls status](https://img.shields.io/coveralls/posthtml/posthtml-nonce.svg?style=flat-square)](https://coveralls.io/r/posthtml/posthtml-nonce)\n\n## Why?  \nThe HTTP [`Content-Security-Policy`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy) response header allows web site administrators to control resources the user agent is allowed to load for a given page. With a few exceptions, policies mostly involve specifying server origins and script endpoints. This helps guard against cross-site scripting attacks (XSS).  \n\u003e Used in conjunction with the `middleware`\n\n## Install\n\n```bash\nnpm i -S posthtml posthtml-nonce\n```\n\n\u003e **Note:** This project is compatible with node v6+\n\n## Usage\n\n```js\nimport {readFileSync, writeFileSync} from 'fs';\nimport posthtml from 'posthtml';\nimport posthtmlNonce from 'posthtml-nonce';\n\nconst html = readFileSync('input.html', 'utf8');\n\nposthtml()\n  .use(posthtmlNonce({tags: ['links'], nonce: '4f90d13a42'}))\n  .process(html)\n  .then(result =\u003e {\n    writeFileSync('output.html', result.html);\n  });\n\n```\n\n## Example\n\ninput.html\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n  \u003chead\u003e\n    \u003clink rel=\"stylesheet\" href=\"style.css\"\u003e\n  \u003c/head\u003e\n  \u003cbody\u003e\n    \u003cimg data-src=\"logo.svg\" alt=\"\"\u003e\n    \u003cscript src=\"script.js\"\u003e\u003c/script\u003e\n  \u003c/body\u003e\n\u003chtml\u003e\n```\n\noutput.html\n```html\n\u003c!DOCTYPE html\u003e\n\u003chtml\u003e\n  \u003chead\u003e\n    \u003clink rel=\"stylesheet\" href=\"style.css\" nonce=\"4f90d13a42\"\u003e\n  \u003c/head\u003e\n  \u003cbody\u003e\n    \u003cimg data-src=\"logo.svg\" alt=\"\"\u003e\n    \u003cscript src=\"script.js\"\u003e\u003c/script\u003e\n  \u003c/body\u003e\n\u003chtml\u003e\n```\n\u003e *will be added nonce attribute with nanoid*\n\n## Options\n\n### `tags`\nType: `Array`(***required***)   \nDefault: `[]`  \nDescription: *You can also expand the list by adding the tags you need...*  \n\n### `nanoid`\nType: `String`(***required***)   \nDefault: ``  \nDescription: *nanoid*  \n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fposthtml%2Fposthtml-nonce","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fposthtml%2Fposthtml-nonce","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fposthtml%2Fposthtml-nonce/lists"}