{"id":13508271,"url":"https://github.com/rrrene/html_sanitize_ex","last_synced_at":"2025-12-28T21:49:47.991Z","repository":{"id":34627451,"uuid":"38577119","full_name":"rrrene/html_sanitize_ex","owner":"rrrene","description":"HTML sanitizer for Elixir","archived":false,"fork":false,"pushed_at":"2024-08-19T16:05:07.000Z","size":293,"stargazers_count":271,"open_issues_count":5,"forks_count":63,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-10-30T02:03:53.981Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Elixir","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rrrene.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-07-05T17:12:45.000Z","updated_at":"2024-08-27T12:17:47.000Z","dependencies_parsed_at":"2024-06-18T12:40:04.013Z","dependency_job_id":"32d8240b-b477-4999-9b2c-7f50f9ce180f","html_url":"https://github.com/rrrene/html_sanitize_ex","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrrene%2Fhtml_sanitize_ex","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrrene%2Fhtml_sanitize_ex/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrrene%2Fhtml_sanitize_ex/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rrrene%2Fhtml_sanitize_ex/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rrrene","download_url":"https://codeload.github.com/rrrene/html_sanitize_ex/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247234920,"owners_count":20905854,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T02:00:50.665Z","updated_at":"2025-12-28T21:49:47.978Z","avatar_url":"https://github.com/rrrene.png","language":"Elixir","funding_links":[],"categories":["HTML","Text and Numbers"],"sub_categories":[],"readme":"# HtmlSanitizeEx [![CI Tests](https://github.com/rrrene/html_sanitize_ex/actions/workflows/ci-workflow.yml/badge.svg)](https://github.com/rrrene/html_sanitize_ex/actions/workflows/ci-workflow.yml) [![Inline docs](http://inch-ci.org/github/rrrene/html_sanitize_ex.svg?branch=master)](http://inch-ci.org/github/rrrene/html_sanitize_ex)\n\n`html_sanitize_ex` provides a fast and straightforward HTML Sanitizer written in Elixir which lets you include HTML authored by third-parties in your web application while protecting against XSS.\n\nIt is the first Hex package to come out of the [elixirstatus.com](http://elixirstatus.com) project, where it will be used to sanitize user announcements from the Elixir community.\n\n\n\n## What can it do?\n\n`html_sanitize_ex` parses a given HTML string and, based on the used [Scrubber](https://github.com/rrrene/html_sanitize_ex/tree/master/lib/html_sanitize_ex/scrubber), either completely strips it from HTML tags or sanitizes it by only allowing certain HTML elements and attributes to be present.\n\n## Installation\n\nAdd html_sanitize_ex as a dependency in your `mix.exs` file.\n\n```elixir\ndefp deps do\n  [{:html_sanitize_ex, \"~\u003e 1.4\"}]\nend\n```\n\nAfter adding you are done, run `mix deps.get` in your shell to fetch the new dependency.\n\nThe only dependency of `html_sanitize_ex` is `mochiweb` which is used to parse HTML.\n\n\n## Usage\n\nDepending on the scrubber you select, it can strip all tags from the given string:\n\n```elixir\ntext = \"\u003ca href=\\\"javascript:alert('XSS');\\\"\u003etext here\u003c/a\u003e\"\nHtmlSanitizeEx.strip_tags(text)\n# =\u003e \"text here\"\n```\n\nOr allow certain basic HTML elements to remain:\n\n```elixir\ntext = \"\u003ch1\u003eHello \u003cscript\u003eWorld!\u003c/script\u003e\u003c/h1\u003e\"\nHtmlSanitizeEx.basic_html(text)\n# =\u003e \"\u003ch1\u003eHello World!\u003c/h1\u003e\"\n```\n\nThere are built-in scrubbers that cover common use cases, but you can also\neasily define custom scrubbers (see the next section).\n\nThe following default scrubbing options exist:\n\n```elixir\nHtmlSanitizeEx.basic_html(html)\nHtmlSanitizeEx.html5(html)\nHtmlSanitizeEx.markdown_html(html)\nHtmlSanitizeEx.strip_tags(html)\n```\n\nThere is also one scrubber primarily used for testing:\n\n```elixir\nHtmlSanitizeEx.noscrub(html)\n```\n\nBefore using or extending a built-in scrubber, you should verify that it functions in the way\nyou expect. The built-in scrubbers are located in\n[/lib/html_sanitize_ex/scrubber](https://github.com/rrrene/html_sanitize_ex/tree/master/lib/html_sanitize_ex/scrubber)\n\n## Custom Scrubbers\n\nA custom scrubber has the advantage of allowing you to support only the minimum\nfunctionality needed for your use case.\n\nWith a custom scrubber, you define which tags, attributes, and uri schemes (e.g.\n`https`, `mailto`, `javascript`, etc.) are allowed. Anything not allowed can\nthen be stripped out.\n\nHere is an example of a custom scrubber which allows only `p`, `h1`, and\n`a` tags, and restricts the `href` attribute to only the `https` and `mailto`\n[URI schemes](https://en.wikipedia.org/wiki/List_of_URI_schemes). It also\nremoves CDATA sections and comments.\n\n```elixir\ndefmodule MyProject.MyScrubber do\n  use HtmlSanitizeEx\n\n  allow_tag_with_these_attributes(\"p\", [])\n  allow_tag_with_these_attributes(\"h1\", [])\n\n  allow_tag_with_uri_attributes(\"a\", [\"href\"], [\"https\", \"mailto\"])\nend\n```\n\nThen, you can use the scrubber in your project by calling `MyProject.MyScrubber.sanitize/1`:\n\n```elixir\ntext = \"\u003ch1\u003eHello \u003cscript\u003eWorld!\u003c/script\u003e\u003c/h1\u003e\"\nMyProject.MyScrubber.sanitize(text)\n# =\u003e \"\u003ch1\u003eHello World!\u003c/h1\u003e\"\n```\n\nA great way to make a custom scrubber is to use one the of built-in scrubbers closest to your use case as a template.\n\nThe built in scrubbers are located in\n[/lib/html_sanitize_ex/scrubber](https://github.com/rrrene/html_sanitize_ex/tree/master/lib/html_sanitize_ex/scrubber)\n\n\n## Extending Scrubbers\n\nLet's say you love `HtmlSanitizeEx.basic_html/1`, you just need it to also support the `small` tag (for whatever reason).\n\nYou can extend any scrubber by using the `:extend` option.\n\n```elixir\ndefmodule MyProject.MyScrubber do\n  use HtmlSanitizeEx, extend: :basic_html\n\n  allow_tag_with_these_attributes(\"small\", [])\nend\n```\n\nYou can extend `:basic_html`, `:html5`, `:markdown_html` and `:strip_tags` to extend built-in functionality and you can also extend any custom scrubber you created:\n\n```elixir\ndefmodule MyProject.MyOtherScrubber do\n  use HtmlSanitizeEx, extend: MyProject.MyScrubber\n\n  allow_tag_with_these_attributes(\"p\", [\"class\"])\nend\n```\n\nThe result is a scrubber that works like the built-in BasicHTML scrubber, but also allows `small` tags and `class` attributes on `\u003cp\u003e` tags.\n\n\n## Contributing\n\n1. [Fork it!](http://github.com/rrrene/html_sanitize_ex/fork)\n2. Create your feature branch (`git checkout -b my-new-feature`)\n3. Commit your changes (`git commit -am 'Add some feature'`)\n4. Push to the branch (`git push origin my-new-feature`)\n5. Create new Pull Request\n\n\n\n## Author\n\nRené Föhring (@rrrene)\n\n\n\n\n## License\n\nhtml_sanitize_ex is released under the MIT License. See the LICENSE file for further\ndetails.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frrrene%2Fhtml_sanitize_ex","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frrrene%2Fhtml_sanitize_ex","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frrrene%2Fhtml_sanitize_ex/lists"}