@ordojs/security
Security package for OrdoJS with XSS, CSRF, and injection protection
/**
* Configuration options for HTML sanitization.
*
* Every field is optional; the `@default` tags below give the value documented
* for an omitted field.
* NOTE(review): this declaration does not show whether a supplied list replaces
* or extends the documented default - confirm against the implementation before
* relying on either behaviour.
*/
export interface SanitizerOptions {
/**
* List of allowed HTML tags.
* Tags outside this list are presumably removed from the output - confirm
* whether their text content is kept or dropped.
* @default ['a', 'b', 'br', 'code', 'div', 'em', 'i', 'li', 'ol', 'p', 'pre', 'span', 'strong', 'ul']
*/
allowedTags?: string[];
/**
* List of allowed HTML attributes, either as one flat list or as a record of
* string keys to attribute lists (presumably keyed by tag name - confirm).
*
* Security notes on the documented default:
* - `style` lets sanitized markup carry inline CSS, so untrusted content can
*   restyle or overlay surrounding page elements; drop it from the list when
*   the input is not trusted to control presentation.
* - `target` lets links open a new browsing context; confirm how `rel` is
*   handled, since `rel` is not in the default list.
* - URL-scheme filtering for `href` cannot be configured through this
*   interface; presumably it is left to DOMPurify - confirm.
* @default ['href', 'target', 'class', 'id', 'style']
*/
allowedAttributes?: string[] | Record<string, string[]>;
/**
* Whether to allow data attributes (data-*).
* When enabled, untrusted markup can supply values to any client-side script
* that reads data attributes from the rendered content.
* @default false
*/
allowDataAttributes?: boolean;
/**
* Whether to strip all HTML and return text only.
* NOTE(review): not visible here whether the returned text is entity-encoded;
* confirm before inserting it into a page as markup.
* @default false
*/
stripAllTags?: boolean;
}
/**
* HTML Sanitizer class for preventing XSS attacks.
* Uses DOMPurify under the hood with configurable options.
*
* An instance holds its own configuration, set at construction and changeable
* later through `updateOptions`.
*/
export declare class HtmlSanitizer {
// Configuration held by the instance. Its type is not emitted in this
// declaration file because the member is private.
private options;
/**
* Create a new HtmlSanitizer instance.
* @param options Sanitizer configuration options; omitted fields presumably
* fall back to the defaults documented on `SanitizerOptions` - confirm.
*/
constructor(options?: SanitizerOptions);
/**
* Sanitize HTML content to prevent XSS attacks.
*
* The result is HTML markup filtered by the instance's configuration. It is
* meant to be inserted as HTML content; it is not an escaping routine for
* script, attribute-value or URL contexts.
* @param html HTML content to sanitize
* @returns Sanitized HTML
*/
sanitize(html: string): string;
/**
* Update sanitizer options.
*
* NOTE(review): whether the given fields are merged into the current options
* or replace them wholesale is not visible from this declaration - confirm,
* since a wholesale replace would reset unspecified fields.
* @param options New sanitizer options; any subset of `SanitizerOptions`
*/
updateOptions(options: Partial<SanitizerOptions>): void;
/**
* Create a sanitizer with strict settings (minimal allowed tags).
* The exact tag and attribute set is not visible in this declaration.
* @returns A new HtmlSanitizer instance with strict settings
*/
static createStrict(): HtmlSanitizer;
/**
* Create a sanitizer that strips all HTML tags.
* Presumably equivalent to constructing with `stripAllTags: true` - confirm.
* @returns A new HtmlSanitizer instance that strips all HTML
*/
static createTextOnly(): HtmlSanitizer;
}
/**
* Default HTML sanitizer instance, exported as a single shared object.
*
* Because `HtmlSanitizer` exposes a public `updateOptions`, any module that
* imports this instance can change its configuration for every other user of
* it. Prefer a dedicated `new HtmlSanitizer(...)` when a caller needs a policy
* different from the default, rather than loosening this shared instance.
*/
export declare const defaultSanitizer: HtmlSanitizer;
/**
* Sanitize HTML content using the default sanitizer.
*
* The effective policy is whatever the default sanitizer is configured with at
* call time; presumably this is the exported `defaultSanitizer` - confirm.
* @param html HTML content to sanitize
* @returns Sanitized HTML
*/
export declare function sanitizeHtml(html: string): string;
//# sourceMappingURL=html-sanitizer.d.ts.map