UNPKG

@radya/nuxt-dompurify

Version:

A Nuxt 3 module that integrates DOMPurify for sanitizing HTML content and protecting against XSS attacks, with support for multiple profiles.

github.com/radyakaze/nuxt-dompurify

radyakaze/nuxt-dompurify

113 lines (85 loc) 2.71 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
# Nuxt DOMPurify A Nuxt 3 module that integrates DOMPurify for sanitizing HTML content. This module helps protect your application from XSS attacks by sanitizing any potentially dangerous HTML inputs. ## Installation Install the module via Yarn: ```bash yarn add -D @radya/nuxt-dompurify ``` ## Usage Add the module to your Nuxt config file: ```javascript export default defineNuxtConfig({ modules: ['@radya/nuxt-dompurify'], }) ``` ### Example You can use the directive `v-sanitize-html` to sanitize HTML content in your templates: ```vue <template> <div v-sanitize-html="dirtyHtml" /> </template> <script setup> const dirtyHtml = ` <div> <h1>Welcome to My Website</h1> <h3>This is H3 heading</h3> <p>This is a <strong>simple</strong> paragraph.</p> <img src="image.jpg" onerror="alert('Hacked!')" /> <a href="https://example.com" onclick="stealCookies()">Click me!</a> <script>alert('This is an XSS attack!')</` + `script> </div>` </script> ``` This will sanitize the `dirtyHtml` variable, ensuring it is safe to render in the DOM. ## Profiles This module also supports **profiles** to allow different DOMPurify configurations for specific use cases. You can define profiles in your `nuxt.config.ts` like this: ```ts export default defineNuxtConfig({ modules: ['@radya/nuxt-dompurify'], dompurify: { profiles: { profileName: { ALLOWED_TAGS: ['h1', 'h2', 'h3', 'h4', 'h5', 'h6'], } } }, }) ``` ### Using Profiles To use a specific profile, you can pass the profile name as an argument to the `v-sanitize-html` directive: ```vue <template> <div v-sanitize-html:profileName="dirtyHTML" /> </template> <script setup> const dirtyHtml = ` <div> <h1>Welcome to My Website</h1> <h3>This is H3 heading</h3> <p>This is a <strong>simple</strong> paragraph.</p> <img src="image.jpg" onerror="alert('Hacked!')" /> <a href="https://example.com" onclick="stealCookies()">Click me!</a> <script>alert('This is an XSS attack!')</` + `script> </div>` </script> ``` ## Contributing We welcome contributions to `Nuxt DOMPurify`. Please follow these steps to get started: 1. **Enable Corepack**: Ensure Corepack is enabled by running: ```bash corepack enable ``` 2. **Install Dependencies**: Install all necessary dependencies by running: ```bash yarn install ``` 3. **Generate Type Stubs**: Run the following command to generate type stubs: ```bash yarn dev:prepare ``` 4. **Start Development Mode**: Use the following command to start the playground in development mode: ```bash yarn dev ``` ## License This project is licensed under the MIT License. See the [LICENSE](LICENSE) file for more details.