dompurify
DOMPurify is a robust and super-fast JavaScript-based XSS sanitizer. It is primarily designed for handling HTML, MathML, and SVG. It is compatible with all modern browsers, including, but not limited to, Firefox, Chrome, Edge, Safari, and Opera, as well as the many other browsers built on Blink, Gecko, or WebKit. DOMPurify is particularly valuable for preventing HTML-based XSS attacks because it sanitizes and thoroughly cleans HTML strings, removing any elements or attributes that could carry dangerous HTML.
Using DOMPurify takes a few simple steps. First, include the DOMPurify script in your website, using either the minified production version or the unminified development version. For instance, you could use:
<script type="text/javascript" src="src/purify.js"></script>
or
<script type="text/javascript" src="dist/purify.min.js"></script>
Once included, you can sanitize your HTML strings. For example:
const clean = DOMPurify.sanitize(dirty);
Here "dirty" is your potentially unsafe (dirty) HTML input and "clean" is the sanitized (clean) HTML result. You can also use it with Angular, as follows:
import * as DOMPurify from 'dompurify';
const clean = DOMPurify.sanitize('<b>hello there</b>');
The sanitized HTML result can then be written into a DOM element using innerHTML or document.write().
For comprehensive documentation on DOMPurify, it is highly recommended to visit the DOMPurify GitHub repository. There you will find a detailed guide on how to use and customize DOMPurify to suit your needs. The README file contains the initial instructions, and further details can be found in the wiki and the demo folders. TypeScript type definitions are also provided via @types/dompurify.