{"id":18738447,"url":"https://github.com/robinboers/html-sanitize-ex","last_synced_at":"2025-11-18T03:30:13.792Z","repository":{"id":109927189,"uuid":"431903539","full_name":"RobinBoers/html-sanitize-ex","owner":"RobinBoers","description":"A fast and straightforward HTML Sanitizer written in Elixir which lets you include HTML authored by third-parties in your web application while protecting against XSS. A fork maintained by me with some minor adjustments.","archived":false,"fork":false,"pushed_at":"2021-12-06T15:31:38.000Z","size":528,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"master","last_synced_at":"2024-12-28T17:32:54.873Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/RobinBoers.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-25T16:03:54.000Z","updated_at":"2021-12-06T15:31:41.000Z","dependencies_parsed_at":"2023-05-05T00:34:47.068Z","dependency_job_id":null,"html_url":"https://github.com/RobinBoers/html-sanitize-ex","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinBoers%2Fhtml-sanitize-ex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinBoers%2Fhtml-sanitize-ex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinBoers%2Fhtml-sanitize-ex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/RobinBoers%2Fhtml-sanitize-ex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/RobinBoers","download_url":"https://codeload.github.com/RobinBoers/html-sanitize-ex/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239613449,"owners_count":19668588,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-07T15:29:16.307Z","updated_at":"2025-11-18T03:30:13.702Z","avatar_url":"https://github.com/RobinBoers.png","language":"Elixir","funding_links":[],"categories":[],"sub_categories":[],"readme":"# HtmlSanitizeEx [![Build Status](https://travis-ci.org/rrrene/html_sanitize_ex.svg)](https://travis-ci.org/rrrene/html_sanitize_ex) [![Inline docs](http://inch-ci.org/github/rrrene/html_sanitize_ex.svg?branch=master)](http://inch-ci.org/github/rrrene/html_sanitize_ex)\n\n`html_sanitize_ex` provides a fast and straightforward HTML Sanitizer written in Elixir which lets you include HTML authored by third-parties in your web application while protecting against XSS.\n\nThis is a fork that adds the `no_image` mode, which allows basic HTML, but strips all the images. I used this in Nindo, because images would be a big performance hit when loading pages and causes problems when the image paths were relative.\n\nIt is the first Hex package to come out of the [elixirstatus.com](http://elixirstatus.com) project, where it will be used to sanitize user announcements from the Elixir community.\n\n## What can it do?\n\n`html_sanitize_ex` parses a given HTML string and, based on the used [Scrubber](https://github.com/rrrene/html_sanitize_ex/tree/master/lib/html_sanitize_ex/scrubber), either completely strips it from HTML tags or sanitizes it by only allowing certain HTML elements and attributes to be present.\n\n**NOTE:** The one thing missing at this moment is ***support for styles***. To add this, we have to implement a Scrubber for CSS, to prevent nasty CSS hacks using `\u003cstyle\u003e` tags and attributes.\n\nOtherwise `html_sanitize_ex` is a full-featured HTML sanitizer.\n\n## Installation\n\nAdd `html_sanitize_ex` as a dependency in your `mix.exs` file.\n\n```elixir\ndefp deps do\n  [{:html_sanitize_ex, \"~\u003e 1.4\"}]\nend\n```\n\nAfter adding you are done, run `mix deps.get` in your shell to fetch the new dependency.\n\nThe only dependency of `html_sanitize_ex` is `mochiweb` which is used to parse HTML.\n\n## Usage\n\nIt can strip all tags from the given string:\n\n```elixir\ntext = \"\u003ca href=\\\"javascript:alert('XSS');\\\"\u003etext here\u003c/a\u003e\"\nHtmlSanitizeEx.strip_tags(text)\n# =\u003e \"text here\"\n```\n\nOr allow certain basic HTML elements to remain:\n\n```elixir\ntext = \"\u003ch1\u003eHello \u003cscript\u003eWorld!\u003c/script\u003e\u003c/h1\u003e\"\nHtmlSanitizeEx.basic_html(text)\n# =\u003e \"\u003ch1\u003eHello World!\u003c/h1\u003e\"\n```\n\nThe following scrubbing options exist:\n\n```elixir\nHtmlSanitizeEx.noscrub(html)\nHtmlSanitizeEx.basic_html(html)\nHtmlSanitizeEx.no_images(html)\nHtmlSanitizeEx.html5(html)\nHtmlSanitizeEx.markdown_html(html)\nHtmlSanitizeEx.strip_tags(html)\n```\n\n**TODO: write more comprehensive usage description**\n\n## Contributing\n\n1. [Fork it!](http://github.com/rrrene/html_sanitize_ex/fork)\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\n## Author\n\nRené Föhring (@rrrene)\n\n## License\n\nhtml_sanitize_ex is released under the MIT License. See the LICENSE file for further\ndetails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobinboers%2Fhtml-sanitize-ex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frobinboers%2Fhtml-sanitize-ex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frobinboers%2Fhtml-sanitize-ex/lists"}