UNPKG

striptags

Version:

PHP strip_tags in Node.js

github.com/ericnorris/striptags

ericnorris/striptags

92 lines (70 loc) 2.42 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# striptags [![Build Status](https://travis-ci.org/ericnorris/striptags.svg)](https://travis-ci.org/ericnorris/striptags) An implementation of PHP's [strip_tags](http://www.php.net/manual/en/function.strip-tags.php) in Node.js. **Note:** `v3+` targets ES6, and is therefore incompatible with the master branch of `uglifyjs`. You can either: - use `babili`, which supports ES6 - use the `harmony` branch of `uglifyjs` - stick with the [2.x.x](https://github.com/ericnorris/striptags/tree/v2.x.x) branch ## Features - Fast - Zero dependencies - 100% test code coverage - No unsafe regular expressions ## Installing ``` npm install striptags ``` ## Basic Usage ```javascript striptags(html, allowed_tags, tag_replacement); ``` ### Example ```javascript var striptags = require('striptags'); var html = '<a href="https://example.com">' + 'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' + '</a>'; striptags(html); striptags(html, '<strong>'); striptags(html, ['a']); striptags(html, [], '\n'); ``` Outputs: ``` 'lorem ipsum dolor sit amet' ``` ``` lorem ipsum <strong>dolor</strong> sit amet' ``` ``` '<a href="https://example.com">lorem ipsum dolor sit amet</a>' ``` ``` lorem ipsum dolor sit amet ``` ## Streaming Mode `striptags` can also operate in streaming mode. Simply call `init_streaming_mode` to get back a function that accepts HTML and outputs stripped HTML. State is saved between calls so that partial HTML can be safely passed in. ```javascript let stream_function = striptags.init_streaming_mode( allowed_tags, tag_replacement ); let partial_text = stream_function(partial_html); let more_text = stream_function(more_html); ``` Check out [test/striptags-test.js](test/striptags-test.js) for a concrete example. ## Tests You can run tests (powered by [mocha](http://mochajs.org/)) locally via: ``` npm test ``` Generate test coverage (powered by [istanbul](https://github.com/gotwarlost/istanbul)) via : ``` npm run coverage ``` ## Doesn't use regular expressions `striptags` does not use any regular expressions for stripping HTML tags. Regular expressions are not capable of preventing all possible scripting attacks (see [this](http://stackoverflow.com/a/535022)). Here is a [great StackOverflow answer](http://stackoverflow.com/a/5793453) regarding how strip_tags (**when used without specifying allowableTags**) is not vulnerable to scripting attacks.