UNPKG

dompurify

Version:

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

github.com/cure53/DOMPurify

cure53/DOMPurify

133 lines (132 loc) 4.45 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
{ "scripts": { "build-demo": "node scripts/build-demo.js", "lint": "xo src/*.js", "format": "prettier --write --trailing-comma es5 --single-quote 'src/*.js'", "commit-amend-build": "scripts/commit-amend-build.sh", "prebuild": "rimraf dist/**", "dev": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -w -c -o dist/purify.js", "build": "cross-env run-p build:umd build:umd:min build:es build:cjs", "build:umd": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -c -f umd -o dist/purify.js", "build:umd:min": "cross-env NODE_ENV=production BABEL_ENV=rollup rollup -c -f umd -o dist/purify.min.js", "build:es": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -c -f es -o dist/purify.es.js", "build:cjs": "cross-env NODE_ENV=development BABEL_ENV=rollup rollup -c -f cjs -o dist/purify.cjs.js", "test:jsdom": "cross-env NODE_ENV=test BABEL_ENV=rollup node test/jsdom-node-runner --dot", "test:karma": "cross-env NODE_ENV=test BABEL_ENV=rollup karma start test/karma.conf.js --log-level warn ", "test:ci": "cross-env NODE_ENV=test BABEL_ENV=rollup npm run lint && npm run test:jsdom && npm run test:karma -- --log-level error --reporters dots --single-run --shouldTestOnBrowserStack=\"${TEST_BROWSERSTACK}\" --shouldProbeOnly=\"${TRAVIS_PULL_REQUEST}\"", "test": "cross-env NODE_ENV=test BABEL_ENV=rollup npm run lint && npm run test:jsdom && npm run test:karma -- --browsers Chrome" }, "main": "dist/purify.cjs.js", "module": "dist/purify.es.js", "browser": "dist/purify.js", "files": [ "dist", "package.json", "yarn.lock", "package-lock.json", "README.md" ], "pre-commit": [ "lint", "build", "commit-amend-build" ], "xo": { "semicolon": true, "space": 2, "extends": [ "prettier" ], "plugins": [ "prettier" ], "rules": { "prettier/prettier": [ "error", { "trailingComma": "es5", "singleQuote": true } ], "camelcase": [ "error", { "properties": "never" } ] }, "globals": [ "window", "VERSION" ] }, "devDependencies": { "babel": "^6.23.0", "babel-core": "^6.26.0", "babel-plugin-external-helpers": "^6.22.0", "babel-preset-env": "^1.6.0", "cross-env": "^5.0.5", "eslint-config-prettier": "^2.6.0", "eslint-plugin-prettier": "^2.3.1", "he": "^1.1.1", "jquery": "^2.2.3", "jsdom": "8.x.x", "karma": "^1.7.1", "karma-browserstack-launcher": "^1.3.0", "karma-chrome-launcher": "^2.2.0", "karma-firefox-launcher": "^1.0.0", "karma-fixture": "^0.2.6", "karma-html2js-preprocessor": "^1.0.0", "karma-json-fixtures-preprocessor": "0.0.6", "karma-qunit": "^1.0.0", "karma-rollup-preprocessor": "^4.0.4", "lodash.isarray": "^4.0.0", "lodash.sample": "^4.2.1", "minimist": "^1.2.0", "npm-run-all": "^4.1.1", "pre-commit": "^1.1.2", "prettier": "^1.7.4", "qunit-parameterize": "^0.4.0", "qunit-tap": "^1.5.0", "qunitjs": "^1.23.1", "rimraf": "^2.6.2", "rollup": "0.47.5", "rollup-plugin-babel": "^3.0.2", "rollup-plugin-commonjs": "^8.2.1", "rollup-plugin-includepaths": "^0.2.2", "rollup-plugin-node-resolve": "^3.0.0", "rollup-plugin-replace": "^1.2.1", "rollup-plugin-uglify": "^2.0.0", "rollup-watch": "^4.3.1", "xo": "^0.18.1" }, "name": "dompurify", "description": "DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.", "version": "1.0.3", "directories": { "test": "test" }, "repository": { "type": "git", "url": "git://github.com/cure53/DOMPurify.git" }, "keywords": [ "dom", "xss", "html", "svg", "mathml", "security", "secure", "sanitizer", "sanitize", "filter", "purify" ], "author": "Mario Heiderich <mario@cure53.de> (https://cure53.de/)", "license": "MPL-2.0 OR Apache-2.0", "bugs": { "url": "https://github.com/cure53/DOMPurify/issues" }, "homepage": "https://github.com/cure53/DOMPurify" }