UNPKG

dompurify

Version:

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

github.com/cure53/DOMPurify

cure53/DOMPurify

145 lines (144 loc) 4.52 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
export = purify; declare function purify(root: any): { (root: any): any; /** * Version label, exposed for easier checks * if DOMPurify is up to date or not */ version: string; /** * Array of elements that DOMPurify removed during sanitation. * Empty if nothing was removed. */ removed: any[]; isSupported: boolean; /** * Sanitize * Public method providing core sanitation functionality * * @param {String|Node} dirty string or DOM node * @param {Object} configuration object */ sanitize(dirty: string | Node, cfg: any): any; /** * Public method to set the configuration once * setConfig * * @param {Object} cfg configuration object */ setConfig(cfg: any): void; /** * Public method to remove the configuration * clearConfig * */ clearConfig(): void; /** * Public method to check if an attribute value is valid. * Uses last set config, if any. Otherwise, uses config defaults. * isValidAttribute * * @param {string} tag Tag name of containing element. * @param {string} attr Attribute name. * @param {string} value Attribute value. * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. */ isValidAttribute(tag: string, attr: string, value: string): boolean; /** * AddHook * Public method to add DOMPurify hooks * * @param {String} entryPoint entry point for the hook to add * @param {Function} hookFunction function to execute */ addHook(entryPoint: string, hookFunction: Function): void; /** * RemoveHook * Public method to remove a DOMPurify hook at a given entryPoint * (pops it from the stack of hooks if more are present) * * @param {String} entryPoint entry point for the hook to remove * @return {Function} removed(popped) hook */ removeHook(entryPoint: string): Function; /** * RemoveHooks * Public method to remove all DOMPurify hooks at a given entryPoint * * @param {String} entryPoint entry point for the hooks to remove */ removeHooks(entryPoint: string): void; /** * RemoveAllHooks * Public method to remove all DOMPurify hooks * */ removeAllHooks(): void; }; declare namespace purify { const version: string; const removed: any[]; const isSupported: boolean; /** * Sanitize * Public method providing core sanitation functionality * * @param {String|Node} dirty string or DOM node * @param {Object} configuration object */ function sanitize(dirty: string | Node, cfg: any): any; /** * Public method to set the configuration once * setConfig * * @param {Object} cfg configuration object */ function setConfig(cfg: any): void; /** * Public method to remove the configuration * clearConfig * */ function clearConfig(): void; /** * Public method to check if an attribute value is valid. * Uses last set config, if any. Otherwise, uses config defaults. * isValidAttribute * * @param {string} tag Tag name of containing element. * @param {string} attr Attribute name. * @param {string} value Attribute value. * @return {Boolean} Returns true if `value` is valid. Otherwise, returns false. */ function isValidAttribute(tag: string, attr: string, value: string): boolean; /** * AddHook * Public method to add DOMPurify hooks * * @param {String} entryPoint entry point for the hook to add * @param {Function} hookFunction function to execute */ function addHook(entryPoint: string, hookFunction: Function): void; /** * RemoveHook * Public method to remove a DOMPurify hook at a given entryPoint * (pops it from the stack of hooks if more are present) * * @param {String} entryPoint entry point for the hook to remove * @return {Function} removed(popped) hook */ function removeHook(entryPoint: string): Function; /** * RemoveHooks * Public method to remove all DOMPurify hooks at a given entryPoint * * @param {String} entryPoint entry point for the hooks to remove */ function removeHooks(entryPoint: string): void; /** * RemoveAllHooks * Public method to remove all DOMPurify hooks * */ function removeAllHooks(): void; }