https://github.com/pseudomuto/safe_htmlify
Safely display user-generated HTML on your web page
Last synced: 9 months ago
- Host: GitHub
- URL: https://github.com/pseudomuto/safe_htmlify
- Owner: pseudomuto
- Created: 2013-10-16T19:26:11.000Z (over 12 years ago)
- Default Branch: master
- Last Pushed: 2013-11-12T00:50:16.000Z (over 12 years ago)
- Last Synced: 2025-01-30T14:52:43.703Z (over 1 year ago)
- Language: JavaScript
- Size: 145 KB
- Stars: 1
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# SafeHtmlify
A jQuery plugin that strips HTML from strings except in cases where you say otherwise!
The main purpose is to be able to show user-generated HTML on a web page without having to worry about scripts/styles breaking your whole site.
Things to note:
* only allows specifically whitelisted tags and attributes, no other markup
* script tags are never allowed (even if you try to whitelist `script`)
## Installation
* Clone this repo and cd to the working directory
* Run `npm install` to download packages
* Run `lineman build` to build the script
* Copy `dist/js/safe_htmlify.js` to your project
*I intend to make this simpler in the future...*
## Usage
By default, all HTML will be removed:

```javascript
var safeHTML = $.safeHtmlify('<p>Some message here</p>');
// safeHTML === 'Some message here'
```
You can whitelist tags by supplying an options hash with `tags`:

```javascript
var safeHTML = $.safeHtmlify('<p>Some message here</p>', {
  tags: {
    p: []
  }
});
// safeHTML === '<p>Some message here</p>'
```
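You can allow attributes on individual tags in the options hash:

```javascript
// "message" is a placeholder class name
var safeHTML = $.safeHtmlify('<p class="message">Some message here</p>', {
  tags: {
    p: ['class']
  }
});
// safeHTML === '<p class="message">Some message here</p>'
```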
You can globally allow attributes (on any whitelisted tag) by supplying an options hash with `globalAttributes`:

```javascript
// "message" is a placeholder class name
var safeHTML = $.safeHtmlify('<p class="message">Some message here</p>', {
  tags: {
    p: []
  },
  globalAttributes: ['class']
});
// safeHTML === '<p class="message">Some message here</p>'
```
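The README does not say whether attribute values are checked once an attribute is whitelisted, so the safety of the output depends on what goes into `tags` and `globalAttributes`. The following added example (not part of the SafeHtmlify project) audits an options hash for entries that commonly reintroduce script execution; `auditOptions`, `classifyAttribute` and the two lists are hypothetical names, and the check assumes whitelisted attributes pass through with their values unchanged.

```javascript
// Added example: audit an options hash before passing it to $.safeHtmlify.
// Assumption: whitelisted attributes are emitted with their values unchanged.

// Tags that execute code, load external content or restyle the page.
const RISKY_TAGS = new Set(['script', 'style', 'iframe', 'object', 'embed',
                            'form', 'base', 'link', 'meta', 'svg', 'math']);
// Attributes whose value is a URL (javascript: and data: schemes are the risk).
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction', 'srcset',
                           'xlink:href', 'data', 'poster', 'background']);

function classifyAttribute(name) {
  const attr = String(name).toLowerCase();
  if (attr.startsWith('on')) return 'event handler attribute';
  if (attr === 'style') return 'inline CSS';
  if (attr === 'srcdoc') return 'inline document';
  if (URL_ATTRS.has(attr)) return 'URL-valued attribute, needs scheme validation';
  return null;
}

// Returns one finding per risky tag or attribute in the options hash.
function auditOptions(options) {
  const findings = [];
  const opts = options || {};
  const tags = opts.tags || {};
  for (const attr of opts.globalAttributes || []) {
    const reason = classifyAttribute(attr);
    if (reason) findings.push({ scope: '*', item: attr, reason });
  }
  for (const tag of Object.keys(tags)) {
    if (RISKY_TAGS.has(tag.toLowerCase())) {
      findings.push({ scope: tag, item: tag, reason: 'risky tag' });
    }
    for (const attr of tags[tag] || []) {
      const reason = classifyAttribute(attr);
      if (reason) findings.push({ scope: tag, item: attr, reason });
    }
  }
  return findings;
}

// Constructed sample configurations.
const strict = { tags: { p: ['class'] }, globalAttributes: ['class'] };
const loose = { tags: { a: ['href', 'onclick'], script: [] },
                globalAttributes: ['style'] };
console.log(auditOptions(strict)); // no findings
console.log(auditOptions(loose));  // style, href, onclick, script
```

Running the audit in a unit test next to each `$.safeHtmlify` call site keeps a later whitelist change from silently widening what user content can do.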
## Contributing
Same as always...fork it, change it, push it, pull it.
### Running Samples
```
lineman run
```
Then open `http://localhost:8000`
### Running the tests
For this you'll want to have two terminals available
* In one terminal, run `lineman run` - this will watch for changes and build as necessary
* In another terminal, run `lineman spec` or `lineman spec-ci`