{"id":13546059,"url":"https://github.com/rust-ammonia/ammonia","last_synced_at":"2025-05-13T23:04:15.662Z","repository":{"id":41493408,"uuid":"41227649","full_name":"rust-ammonia/ammonia","owner":"rust-ammonia","description":"Repair and secure untrusted HTML","archived":false,"fork":false,"pushed_at":"2025-04-21T20:38:29.000Z","size":413,"stargazers_count":569,"open_issues_count":18,"forks_count":46,"subscribers_count":9,"default_branch":"master","last_synced_at":"2025-04-30T04:13:57.917Z","etag":null,"topics":["crates","html-sanitization","security","web"],"latest_commit_sha":null,"homepage":"","language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/rust-ammonia.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":"LICENSE-APACHE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2015-08-22T23:08:27.000Z","updated_at":"2025-04-28T04:50:45.000Z","dependencies_parsed_at":"2024-03-16T16:37:08.420Z","dependency_job_id":"fd60f563-3226-4214-bd86-513ad7d7d448","html_url":"https://github.com/rust-ammonia/ammonia","commit_stats":{"total_commits":284,"total_committers":25,"mean_commits":11.36,"dds":"0.37323943661971826","last_synced_commit":"aa0f8d2f8cee1030acc4ecad1da089f18b4afb65"},"previous_names":[],"tags_count":31,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-ammonia%2Fammonia","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-ammonia%2Fammonia/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-ammonia%2Fammonia/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/rust-ammonia%2Fammonia/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/rust-ammonia","download_url":"https://codeload.github.com/rust-ammonia/ammonia/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":254040469,"owners_count":22004547,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["crates","html-sanitization","security","web"],"created_at":"2024-08-01T12:00:30.838Z","updated_at":"2025-05-13T23:04:15.621Z","avatar_url":"https://github.com/rust-ammonia.png","language":"Rust","funding_links":[],"categories":["Web and Cloud Security","Rust"],"sub_categories":["Secure Frameworks"],"readme":"HTML Sanitization\n=================\n\n[![Crates.IO](https://img.shields.io/crates/v/ammonia.svg)](https://crates.io/crates/ammonia)\n![Requires rustc 1.80.0](https://img.shields.io/badge/rustc-1.80.0+-green.svg)\n\nAmmonia is a whitelist-based HTML sanitization library. It is designed to\nprevent cross-site scripting, layout breaking, and clickjacking caused\nby untrusted user-provided HTML being mixed into a larger web page.\n\nAmmonia uses [html5ever] to parse and serialize document fragments the same way browsers do,\nso it is extremely resilient to syntactic obfuscation.\n\nAmmonia parses its input exactly according to the HTML5 specification;\nit will not linkify bare URLs, insert line or paragraph breaks, or convert `(C)` into \u0026copy;.\nIf you want that, use a markup processor before running the sanitizer, like [pulldown-cmark].\n\n[html5ever]: https://github.com/servo/html5ever \"The HTML parser in Servo\"\n[pulldown-cmark]: https://github.com/google/pulldown-cmark\n\n\nInstallation\n-----------\n\nTo use `ammonia`, add it to your project's `Cargo.toml` file:\n\n```toml\n[dependencies]\nammonia = \"4.1\"\n```\n\n\nChanges\n-----------\nPlease see the [CHANGELOG](CHANGELOG.md) for a release history.\n\n\nExample\n-------\n\nUsing [pulldown-cmark] together with Ammonia for a friendly user-facing comment\nsite.\n\n```rust\nuse ammonia::clean;\nuse pulldown_cmark::{Parser, Options, html::push_html};\n\nlet text = \"[a link](http://www.notriddle.com/)\";\n\nlet mut options = Options::empty();\noptions.insert(Options::ENABLE_TABLES);\n\nlet mut md_parse = Parser::new_ext(text, options);\nlet mut unsafe_html = String::new();\npush_html(\u0026mut unsafe_html, md_parse);\n\nlet safe_html = clean(\u0026*unsafe_html);\nassert_eq!(safe_html, \"\u003ca href=\\\"http://www.notriddle.com/\\\"\u003ea link\u003c/a\u003e\");\n```\n\n\nPerformance\n-----------\n\nAmmonia builds a DOM, traverses it (replacing unwanted nodes along the way),\nand serializes it again. It could be faster for what it does, and if you don't\nwant to allow any HTML it is possible to be even faster than that.\n\nHowever, it takes about fifteen times longer to sanitize an HTML string using\n[bleach]-2.0.0 with html5lib-0.999999999 than it does using Ammonia 1.0.\n\n    $ cd benchmarks\n    $ cargo run --release\n        Running `target/release/ammonia_bench`\n    87539 nanoseconds to clean up the intro to the Ammonia docs.\n    $ python bleach_bench.py\n    (1498800.015449524, 'nanoseconds to clean up the intro to the Ammonia docs.')\n\n\nLicense\n------\n\nLicensed under either of these:\n\n * Apache License, Version 2.0, ([LICENSE-APACHE](LICENSE-APACHE) or\n   http://www.apache.org/licenses/LICENSE-2.0)\n * MIT license ([LICENSE-MIT](LICENSE-MIT) or\n   http://opensource.org/licenses/MIT)\n\n\nThanks\n------\n\nThanks to the other sanitizer libraries, particularly [Bleach] for Python and [sanitize-html] for Node,\nwhich we blatantly copied most of our API from.\n\nThanks to ChALkeR, whose [Improper Markup Sanitization] document helped us find high-level semantic holes in Ammonia,\nto [ssokolow](https://github.com/ssokolow), whose review and experience were also very helpful, to [securityMB](https://github.com/securityMB),\nfor finding a very obscure [namespace-related injection bug](https://github.com/rust-ammonia/ammonia/pull/142), and [xfix](https://github.com/xfix) for finding a [DoS bug in a recursive destructor](https://github.com/rust-ammonia/ammonia/pull/113).\n\nAnd finally, thanks to [the contributors].\n\n\n[sanitize-html]: https://www.npmjs.com/package/sanitize-html\n[Bleach]: https://bleach.readthedocs.io/\n[Improper Markup Sanitization]: https://github.com/ChALkeR/notes/blob/master/Improper-markup-sanitization.md\n[the contributors]: https://github.com/notriddle/ammonia/graphs/contributors\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-ammonia%2Fammonia","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frust-ammonia%2Fammonia","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frust-ammonia%2Fammonia/lists"}