0.5.0 • Published 3 years ago

@appex/aurelia-dompurify v0.5.0

License: MIT

aurelia-dompurify

This Aurelia plugin replaces the built-in HTMLSanitizer implementation with a DOMPurify-based implementation.

Aurelia's default sanitizer should not be used: as the official documentation states, it is not meant for production use.

Additionally, the plugin supplies a configurable value converter named dompurify for use cases where a default configuration isn't sufficient.

Installing

npm i @appex/aurelia-dompurify
# or
yarn add @appex/aurelia-dompurify

Using

Using DOMPurify's default values:

  aurelia.use
    .standardConfiguration()
    .plugin(PLATFORM.moduleName('@appex/aurelia-dompurify'))

You can also override the default config. Refer to the DOMPurify docs for more information.

  aurelia.use
    .standardConfiguration()
    .plugin(PLATFORM.moduleName('@appex/aurelia-dompurify'), {ALLOWED_TAGS: ['b']})

The dompurify value converter is used like this:

  <p innerHTML.bind="untrustedContent | dompurify"></p>
  <!-- Identical to using Aurelia's sanitizeHTML value converter -->
  <p innerHTML.bind="untrustedContent | sanitizeHTML"></p>
  <!-- With custom configuration -->
  <p innerHTML.bind="untrustedContent | dompurify: {ALLOWED_TAGS: ['i']}"></p>
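Both the plugin-wide override and the per-binding converter argument take a DOMPurify config object, so an override can widen the allow-list as easily as narrow it. The following is an added example, not code from this plugin or from DOMPurify: a review helper that flags widening options before a config is registered. The names auditPurifyConfig, assertSafeConfig and RISKY_TAGS, and the rule set itself, are assumptions of this example.

```javascript
// Added example: review helper for DOMPurify config objects.
// The rule set is this example's own policy, not a DOMPurify feature.
const RISKY_TAGS = new Set(['script', 'iframe', 'object', 'embed', 'base', 'meta', 'link']);
const TAG_KEYS = ['ALLOWED_TAGS', 'ADD_TAGS'];   // DOMPurify options that permit tags
const ATTR_KEYS = ['ALLOWED_ATTR', 'ADD_ATTR'];  // DOMPurify options that permit attributes

// Returns a list of human-readable findings; an empty list means nothing was flagged.
function auditPurifyConfig(config = {}) {
  const findings = [];
  for (const key of TAG_KEYS) {
    for (const tag of config[key] || []) {
      if (RISKY_TAGS.has(String(tag).toLowerCase())) {
        findings.push(`${key} permits <${tag}>`);
      }
    }
  }
  for (const key of ATTR_KEYS) {
    for (const attr of config[key] || []) {
      // Attributes starting with "on" are inline event handlers (onclick, onerror, ...).
      if (String(attr).toLowerCase().startsWith('on')) {
        findings.push(`${key} permits event handler "${attr}"`);
      }
    }
  }
  if (config.ALLOW_UNKNOWN_PROTOCOLS === true) {
    findings.push('ALLOW_UNKNOWN_PROTOCOLS is enabled');
  }
  return findings;
}

// Throws on any finding, otherwise returns the config unchanged so it can be
// passed straight through, e.g. .plugin(moduleName, assertSafeConfig(cfg)).
function assertSafeConfig(config) {
  const findings = auditPurifyConfig(config);
  if (findings.length > 0) {
    throw new Error('Unsafe DOMPurify config: ' + findings.join('; '));
  }
  return config;
}

// The narrowing config shown on this page, and a constructed widening one.
const PAGE_CONFIG = { ALLOWED_TAGS: ['b'] };
const WIDENED_CONFIG = {
  ADD_TAGS: ['iframe'],
  ADD_ATTR: ['onclick', 'target'],
  ALLOW_UNKNOWN_PROTOCOLS: true,
};
```

Per-binding configs written in templates never pass through plugin registration, so they need the same review, for example by running the helper over config objects exposed from the view model.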