visibility: [CssProp.VISIBILITY],
volume: [CssProp.VOLUME],
'white-space': [CssProp.WHITE_SPACE],
width: [CssProp.WIDTH],
'word-break': [CssProp.WORD_BREAK],
'word-spacing': [CssProp.WORD_SPACING],
'word-wrap': [CssProp.WORD_WRAP],
'z-index': [CssProp.Z_INDEX],
zoom: [CssProp.ZOOM]
}
},
transformTags: {
// Set the "rel" attribute for <a> tags to "nofollow".
a: sanitize.simpleTransform('a', { rel: 'nofollow' }),
// Set the "disabled" attribute for <input> tags.
input: sanitize.simpleTransform('input', { disabled: 'disabled' })
},
allowedSchemesByTag: {
// Allow 'attachment:' img src (used for markdown cell attachments).
img: sanitize.defaults.allowedSchemes.concat(['attachment'])
},
// Override of the default option, so we can skip 'src' attribute validation.
// 'src' Attributes are validated to be URIs, which does not allow for embedded (image) data.
// Since embedded data is no longer deemed to be a threat, validation can be skipped.
// See https://github.com/jupyterlab/jupyterlab/issues/5183
allowedSchemesAppliedToAttributes: ['href', 'cite']
};
}
/**
* The default instance of an `ISanitizer` meant for use by user code.
*/
// custom ones first:
font: [ 'color' ], // custom to matrix
a: [ 'href', 'name', 'target' ], // remote target: custom to matrix
// We don't currently allow img itself by default, but this
// would make sense if we did
img: [ 'src' ],
},
// Lots of these won't come up by default because we don't allow them
selfClosing: [ 'img', 'br', 'hr', 'area', 'base', 'basefont', 'input', 'link', 'meta' ],
// URL schemes we permit
allowedSchemes: [ 'http', 'https', 'ftp', 'mailto' ],
allowedSchemesByTag: {},
transformTags: { // custom to matrix
// add blank targets to all hyperlinks
'a': sanitizeHtml.simpleTransform('a', { target: '_blank'} )
},
};
module.exports = {
bodyToHtml: function(content, searchTerm) {
var originalBody = content.body;
var body;
if (searchTerm) {
var lastOffset = 0;
var bodyList = [];
var k = 0;
var offset;
// XXX: rather than searching for the search term in the body,
// we should be looking at the match delimiters returned by the FTS engine
/**
 * Sanitises untrusted room-info HTML before it reaches a template.
 *
 * Only `transformTags` is supplied, so which tags and attributes survive is
 * left entirely to sanitize-html's built-in defaults; every surviving <a> is
 * additionally rewritten to open in a new tab (`target="_blank"`).
 *
 * NOTE(review): `target="_blank"` is added without a `rel="noopener"`; modern
 * browsers imply noopener for blank targets, but if older clients matter,
 * consider adding `rel` here and allowing it in `allowedAttributes`.
 *
 * @param {string} dirty - raw, untrusted HTML
 * @returns {string} sanitised HTML
 */
app.locals.sanitizeRoomInfo = function (dirty) {
  const options = {
    transformTags: {
      a: sanitizeHtml.simpleTransform('a', { target: '_blank' }),
    },
  };
  return sanitizeHtml(dirty, options);
};
module.exports = app;
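/**
 * Reduces untrusted transcript HTML to a small allowlist of inline and
 * structural tags.
 *
 * - <div> elements are rewritten to <p>.
 * - Only <span> keeps attributes: the editor's own marker attributes plus
 *   any `data-*`. Every other tag, including <a>, has no entry in
 *   `allowedAttributes` and therefore loses all of its attributes (so an
 *   anchor survives as a tag but without its href).
 *
 * @param {string} dirty - raw HTML
 * @returns {string} sanitised HTML
 */
function cleanHTML(dirty) {
  // 'wordnoTimeCode' appeared twice in the original allowlist; sanitize-html
  // matches attribute names individually, so the duplicate had no effect and
  // is dropped here.
  const spanAttributes = [
    'class',
    'speakerLabel',
    'confidenceScore4',
    'sectionHeader',
    'wordnoTimeCode',
    'editableSection',
    'confidenceScore3',
    'confidenceScore2',
    'contentEditable',
    'data-*',
  ];
  return sanitizeHtml(dirty, {
    allowedTags: ['b', 'i', 'em', 'strong', 'a', 'p', 'span', 'br'],
    transformTags: {
      div: sanitizeHtml.simpleTransform('p'),
    },
    allowedAttributes: {
      span: spanAttributes,
    },
  });
}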
/**
 * Reduces untrusted transcript HTML to a minimal allowlist.
 *
 * <div> is rewritten to <p>; <span> may keep `class`, `data-timestamp` and
 * `contentEditable`, and no other tag keeps any attribute (an <a> survives
 * only as a bare tag, its href removed).
 *
 * @param {string} dirty - raw HTML
 * @returns {string} sanitised HTML
 */
export function cleanHTML(dirty) {
  const allowedTags = ['b', 'i', 'em', 'strong', 'a', 'p', 'span', 'br'];
  const transformTags = {
    div: sanitizeHtml.simpleTransform('p'),
  };
  const allowedAttributes = {
    span: ['class', 'data-timestamp', 'contentEditable'],
  };
  return sanitizeHtml(dirty, { allowedTags, transformTags, allowedAttributes });
}
/**
 * Adds the `table` CSS class to every <table> in the given markup.
 *
 * NOTE(review): this is an HTML rewriter, not a sanitiser. Per sanitize-html's
 * documented semantics, `allowedTags: false` and `allowedAttributes: false`
 * let every tag and attribute pass through unchanged, so nothing is filtered
 * here. Only feed it markup that is already sanitised or comes from a trusted
 * source; do not rely on this function for XSS protection.
 *
 * @param {string} [raw] - HTML to rewrite; any falsy value is treated as ''
 * @returns {string} the rewritten HTML
 */
function addPortalClasses(raw) {
  // `||` (not `??`) on purpose: mirrors the original, so 0/false also map to ''.
  const input = raw || '';
  const options = {
    allowedTags: false,
    allowedAttributes: false,
    transformTags: {
      table: sanitizeHtml.simpleTransform('table', { class: 'table' }),
    },
  };
  return sanitizeHtml(input, options);
}
/**
 * Sanitises a user-supplied description for rendering.
 *
 * Only formatting and table tags survive, and the sole attributes kept are
 * `href` and `rel` on <a>. No `allowedSchemes` is passed, so href values are
 * subject to sanitize-html's default scheme allowlist. Every anchor is
 * rewritten with `rel="nofollow noopener noreferrer"`; `target` is not an
 * allowed attribute, so links cannot be forced into a new browsing context.
 *
 * @param descriptionText - raw, untrusted HTML
 * @returns the sanitised HTML
 */
export default function sanitizeIt(descriptionText: string) {
  const allowedTags = [
    'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'blockquote', 'p', 'a', 'ul', 'ol',
    'nl', 'li', 'b', 'i', 'strong', 'em', 'strike', 'code', 'hr', 'br', 'div',
    'table', 'thead', 'caption', 'tbody', 'tr', 'th', 'td', 'pre', 'del',
  ];
  const options = {
    allowedTags,
    allowedAttributes: {
      a: ['href', 'rel'],
    },
    transformTags: {
      a: sanitizeHtml.simpleTransform('a', { rel: 'nofollow noopener noreferrer' }),
    },
  };
  return sanitizeHtml(descriptionText, options);
}
/**
 * Converts Markdown to HTML with showdown and then sanitises the result.
 *
 * showdown emits links with `target="_blank"` (openLinksInNewWindow); the
 * sanitiser keeps `href`/`target`/`rel` on <a>, restricts href schemes to
 * http/https/mailto, and rewrites every anchor to carry
 * `rel="noopener noreferrer"` so new-tab links cannot reach back to the
 * opener window.
 *
 * @param {string} markdown - untrusted Markdown source
 * @returns {string} sanitised HTML
 */
const markdownConvert = (markdown) => {
  const converter = new Converter({
    openLinksInNewWindow: true,
    strikethrough: true,
    emoji: true,
  });
  const unsafeHtml = converter.makeHtml(markdown);

  const allowedTags = [
    'b', 'i', 'strike', 's', 'del', 'em', 'strong', 'a', 'p',
    'h1', 'h2', 'h3', 'h4', 'ul', 'ol', 'li', 'code', 'pre',
  ];
  const sanitizeOptions = {
    allowedTags,
    allowedAttributes: {
      a: ['href', 'target', 'rel'],
    },
    allowedSchemes: ['http', 'https', 'mailto'],
    transformTags: {
      // third argument `true`: keep the anchor's existing attributes and add rel
      a: sanitizeHtml.simpleTransform('a', { rel: 'noopener noreferrer' }, true),
    },
  };
  return sanitizeHtml(unsafeHtml, sanitizeOptions);
};