Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/elixirstatus/phoenix_html_sanitizer
HTML Sanitizer for Phoenix
https://github.com/elixirstatus/phoenix_html_sanitizer
Last synced: about 1 month ago
JSON representation
HTML Sanitizer for Phoenix
- Host: GitHub
- URL: https://github.com/elixirstatus/phoenix_html_sanitizer
- Owner: elixirstatus
- License: mit
- Created: 2015-07-31T14:15:36.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2024-08-21T19:39:45.000Z (4 months ago)
- Last Synced: 2024-09-21T23:48:10.087Z (3 months ago)
- Language: Elixir
- Homepage:
- Size: 20.5 KB
- Stars: 27
- Watchers: 3
- Forks: 13
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- freaking_awesome_elixir - Elixir - HTML Sanitizer integration for Phoenix. (Framework Components)
- fucking-awesome-elixir - phoenix_html_sanitizer - HTML Sanitizer integration for Phoenix. (Framework Components)
- awesome-elixir - phoenix_html_sanitizer - HTML Sanitizer integration for Phoenix. (Framework Components)
README
# Phoenix HTML Sanitizer [](https://beta.hexfaktor.org/github/elixirstatus/phoenix_html_sanitizer) [](http://inch-ci.org/github/elixirstatus/phoenix_html_sanitizer)
`phoenix_html_sanitizer` provides a simple way to sanitize user input in your Phoenix app.
It is extracted from the [elixirstatus.com](http://elixirstatus.com) project, where it is used to sanitize user annoucements from around the Elixir community.
## What can it do?
`phoenix_html_sanitizer` parses a given HTML string and either completely strips it from HTML tags or sanitizes it by only allowing certain HTML elements and attributes to be present. It depends on [html_sanitize_ex](http://github.com/rrrene/html_sanitize_ex) to do this.
## Installation
Add phoenix_html_sanitizer as a dependency in your `mix.exs` file.
```elixir
defp deps do
[
# ...
{:phoenix_html_sanitizer, "~> 1.2"}
]
end
```
After you are done, run `mix deps.get` in your shell.
To include the Sanitizer into all your views, you can add it to your `web.ex`
file:
```elixir
def view do
quote do
use Phoenix.View, root: "web/templates"
[snip]
# Use all HTML functionality (forms, tags, etc)
import Phoenix.HTML
import Phoenix.HTML.Form
use PhoenixHTMLHelpers
use PhoenixHtmlSanitizer, :basic_html <-------- add this line
end
end
```
You have to set one of three base modes here:
* `:strip_tags` - all tags are stripped from the input.
* `:basic_html` - some basic HTML tags are allowed. This is great for allowing basic usages of HTML for sites like online forums and it works great in combination with a Markdown parser.
* `:full_html` - all HTML5 tags are allowed and sanitized.
After you included `PhoenixHtmlSanitizer` into your `web.ex`, it will provide
two functions in your views:
* `sanitize/1` uses the defined base mode,
* `sanitize/2` takes the mode as second parameter.
## Usage in views
`sanitize` can strip all tags from the given string:
```elixir
text = "text here"
sanitize(text, :strips_tags)
# => {:safe, "text here"}
```
Or allow certain basic HTML elements to remain:
```elixir
text = "
Hello World!
"
sanitize(text, :basic_html)
# => {:safe, "Hello World!
"}
```
```elixir
text = "Hello World!"
sanitize(text, :full_html)
# => {:safe, "Hello World!"}
```
Notice how the output follows the Phoenix.HTML.Safe protocol.
Thus both `sanitize/1` and `sanitize/2` can be used directly in your views:
<%= sanitize "
Hello World!
" %>
This prints `
Hello World!
` into your `eex` template.
## Contributing
1. [Fork it!](http://github.com/elixirstatus/phoenix_html_sanitizer/fork)
2. Create your feature branch (`git checkout -b my-new-feature`)
3. Commit your changes (`git commit -am 'Add some feature'`)
4. Push to the branch (`git push origin my-new-feature`)
5. Create new Pull Request
## Author
René Föhring (@rrrene)
## License
phoenix_html_sanitizer is released under the MIT License. See the LICENSE file
for further details.