{"id":15387257,"url":"https://github.com/rhysd/marked-sanitizer-github","last_synced_at":"2025-04-15T17:32:43.341Z","repository":{"id":30602967,"uuid":"123568263","full_name":"rhysd/marked-sanitizer-github","owner":"rhysd","description":"A sanitizer for marked.js which sanitizes HTML elements in markdown with the same manner as GitHub","archived":false,"fork":false,"pushed_at":"2023-02-11T13:13:16.000Z","size":4648,"stargazers_count":14,"open_issues_count":6,"forks_count":8,"subscribers_count":4,"default_branch":"master","last_synced_at":"2024-10-05T12:32:09.539Z","etag":null,"topics":["github","markdown","marked","sanitize"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rhysd.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-02T10:53:36.000Z","updated_at":"2023-06-04T08:14:42.000Z","dependencies_parsed_at":"2023-02-18T05:15:54.880Z","dependency_job_id":null,"html_url":"https://github.com/rhysd/marked-sanitizer-github","commit_stats":{"total_commits":72,"total_committers":3,"mean_commits":24.0,"dds":"0.19444444444444442","last_synced_commit":"2e79e891ce6b1e4eae0a34948eab1c3c69a1dc54"},"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhysd%2Fmarked-sanitizer-github","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhysd%2Fmarked-sanitizer-github/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhysd%2Fmark
ed-sanitizer-github/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rhysd%2Fmarked-sanitizer-github/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rhysd","download_url":"https://codeload.github.com/rhysd/marked-sanitizer-github/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":219904544,"owners_count":16566519,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github","markdown","marked","sanitize"],"created_at":"2024-10-01T14:53:03.712Z","updated_at":"2024-10-16T22:41:06.708Z","avatar_url":"https://github.com/rhysd.png","language":"TypeScript","readme":"Port of GitHub's Markdown Sanitizer for [marked][]\n==================================================\n[![npm version badge][]][npm pacakge]\n[![Build Status][]][Travis CI]\n[![Coverage Status][]][Codecov]\n\n[marked-sanitizer-github][] provides a sanitizer to sanitize HTML elements in Markdown documents.\nThe implementation was ported from [html-pipeline](html-pipeline/lib/html/pipeline/sanitization_filter.rb).\n\n[marked][] provides sanitization by default. But it does not allow any HTML elements and escapes\nall of them in a parsing Markdown document. By using [marked-sanitizer-github][], some safe\nHTML elements are available.\n\nWhen a sanitizer detects broken HTML elements (e.g. 
an unclosed element), it escapes all elements\nafter that.\n\nThis package was created to be used for [Shiba](https://github.com/rhysd/Shiba).\n\n## :warning: WARNING :warning:\n\nFrom marked v0.7.0, the `sanitize` option was deprecated. Please read\n[the usage document of marked](https://github.com/markedjs/marked#usage) for more details.\n\n## Installation\n\n```\n$ npm install --save marked-sanitizer-github\n```\n\n## Usage\n\nIt exports one class, `SanitizeState`, because the sanitization is stateful. You can get a sanitizer\nfor the marked parser by calling the `getSanitizer()` method. It returns a function object that performs the sanitization.\n\n```javascript\nconst marked = require('marked');\nconst SanitizeState = require('marked-sanitizer-github').default;\n\nconst md = `some document`;\n\nconst state = new SanitizeState();\n\n// Convert a markdown document to HTML with sanitization\nconst html = marked(md, {\n    sanitize: true,\n    sanitizer: state.getSanitizer(),\n});\n\nconsole.log(html);\n```\n\nThe `SanitizeState` class also provides the `reset()`, `isBroken()` and `isInUse()` methods.\n\nThe `reset()` method resets the sanitization state. If you use the `SanitizeState` object multiple times,\nyou must call the method before parsing a markdown document.\n\nThe `isBroken()` method returns whether the state is broken. A broken state means that some HTML elements in\na sanitized document were broken (e.g. tag mismatch, closing tag does not appear, ...).\n\nYou can set a callback to learn why the document is broken, as follows:\n\n```javascript\nstate.onDetectedBroken = (reason, tag) =\u003e {\n    console.error(`Broken HTML around '${tag}' tag: ${reason}`);\n};\n```\n\nThe `isInUse()` method returns whether the state object has ongoing state or is ready for parsing a new\ndocument. 
`true` means the internal state is in use (not ready for parsing a new document).\nWhen it returns `true`, you must call the `reset()` method before parsing a new document.\n\n## Sanitized elements\n\n- **Allowed elements**: `h1`, `h2`, `h3`, `h4`, `h5`, `h6`, `h7`, `h8`, `br`, `b`, `i`, `strong`, `em`, `a`, `pre`, `code`, `img`, `tt`, `div`, `ins`, `del`, `sup`, `sub`, `p`, `ol`, `ul`, `table`, `thead`, `tbody`, `tfoot`, `blockquote`, `dl`, `dt`, `dd`, `kbd`, `q`, `samp`, `var`, `hr`, `ruby`, `rt`, `rp`, `li`, `tr`, `td`, `th`, `s`, `strike`, `summary` and `details`\n- **Allowed attributes**: Only the following attributes are allowed for allowed elements.\n  - **a**: `href`\n  - **img**: `src` and `longdesc`\n  - **div**: `itemscope` and `itemtype`\n  - **blockquote**: `cite`\n  - **del**: `cite`\n  - **ins**: `cite`\n  - **q**: `cite`\n  - **ALL**: `abbr`, `accept`, `accept-charset`, `accesskey`, `action`, `align`, `alt`, `axis`, `border`, `cellpadding`, `cellspacing`, `char`, `charoff`, `charset`, `checked`, `clear`, `cols`, `colspan`, `color`, `compact`, `coords`, `datetime`, `dir`, `disabled`, `enctype`, `for`, `frame`, `headers`, `height`, `hreflang`, `hspace`, `ismap`, `label`, `lang`, `maxlength`, `media`, `method`, `multiple`, `name`, `nohref`, `noshade`, `nowrap`, `open`, `prompt`, `readonly`, `rel`, `rev`, `rows`, `rowspan`, `rules`, `scope`, `selected`, `shape`, `size`, `span`, `start`, `summary`, `tabindex`, `target`, `title`, `type`, `usemap`, `valign`, `value`, `vspace`, `width` and `itemprop`\n- **Allowed protocols in attributes**: Only the following protocols are allowed as values of allowed attributes\n  - **a**:\n    - **href**: `http`, `https`, `mailto`, `github-windows` and `github-mac`\n  - **blockquote**:\n    - **cite**: `http` and `https`\n  - **del**:\n    - **cite**: `http` and `https`\n  - **ins**:\n    - **cite**: `http` and `https`\n  - **q**:\n    - **cite**: `http` and `https`\n  - **img**:\n    - **src**: `http` and `https`\n    - 
**longdesc**: `http` and `https`\n- `li` must be nested in `ul` and `ol`\n- Table items (`tr`, `td` and `th`) and table headers (`thead`, `tbody` and `tfoot`) must be nested in `table`\n\n## License\n\n[MIT License](LICENSE)\n\n[marked]: https://github.com/markedjs/marked\n[marked-sanitizer-github]: https://github.com/rhysd/marked-sanitizer-github\n[npm version badge]: https://badge.fury.io/js/marked-sanitizer-github.svg\n[npm pacakge]: https://www.npmjs.com/package/marked-sanitizer-github\n[Build Status]: https://travis-ci.org/rhysd/marked-sanitizer-github.svg?branch=master\n[Travis CI]: https://travis-ci.org/rhysd/marked-sanitizer-github\n[Coverage Status]: https://codecov.io/gh/rhysd/marked-sanitizer-github/branch/master/graph/badge.svg\n[Codecov]: https://codecov.io/gh/rhysd/marked-sanitizer-github\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhysd%2Fmarked-sanitizer-github","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frhysd%2Fmarked-sanitizer-github","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frhysd%2Fmarked-sanitizer-github/lists"}