ember-dompurify

[![npm Version][npm-badge]][npm]
![Build Status](https://travis-ci.org/jasonmit/ember-dompurify)

A wrapper around DOMPurify.

> DOMPurify sanitizes HTML and prevents XSS attacks. You can feed DOMPurify with string full of dirty HTML and it will return a string with clean HTML. DOMPurify will strip out everything that contains dangerous HTML and thereby prevent XSS attacks and other nastiness. It's also damn bloody fast. We use the technologies the browser provides and turn them into an XSS filter. The faster your browser, the faster DOMPurify will be.

Installation

``sh ember i ember-dompurify`

`Helper usage`

`$3`

`hbs {{dom-purify ''}}`

Returns an Ember.String.htmlSafeobject:`html`

`$3`

DOMPurify exposes a number of useful hooks. These hooks can be leveraged to initiate transforms on the HTML you are sanitizing, such as always inserting target="_blank" on all HTMLAnchorElement elements.

`js // app/dompurify-hooks/target-blank.js (built-in but an example of the public API) import { Hook } from 'ember-dompurify';

export default class TargetBlankHook extends Hook { afterSanitizeAttributes(node) { if (node instanceof HTMLAnchorElement) { node.setAttribute('target', '_blank'); node.setAttribute('rel', 'noopener'); } } }`

`hbs {{dom-purify 'Link' hook='target-blank'}}`

Result:

`html Link`

_Note_: Multiple hooks can be provided as a string separated by spaces - i.e, {{dom-purify 'Link' hook='hook-one hook-two}})

`$3`

These are commonly used and bundled with ember-dompurify. If you have other hooks you would like to add, please submit a PR or open an issue for a proposal.

#### target-blank

`hbs {{dom-purify 'Link' hook='target-blank'}}`

Result:

`html Link`

`API`

`js import createDOMPurify from 'ember-dompurify';

const dompurify = createDOMPurify(window); dompurify.sanitize(''); // -> type: String, result:`

`Supported Helper Attributes`

All DOMPurify options are supported, DOMPurify options.

Example:`hbs {{dom-purify model.notes keep-content=true}}`

Contributing ------------------------------------------------------------------------------

`$3`

* git clone *cd ember-dompurify*npm install

`$3`

* npm run lint:js*npm run lint:js -- --fix

`$3`

* ember test– Runs the test suite on the current Ember version *ember test --server– Runs the test suite in "watch mode" *npm test – Runs ember try:each to test your addon against multiple Ember versions

`$3`

* ember serve`
* Visit the dummy application at http://localhost:4200.

For more information on using ember-cli, visit https://ember-cli.com/.

License
------------------------------------------------------------------------------

This project is licensed under the MIT License

[npm]: https://www.npmjs.org/package/ember-dompurify
[npm-badge]: https://img.shields.io/npm/v/ember-dompurify.svg?style=flat-square

ember-dompurify

[![npm Version][npm-badge]][npm]
![Build Status](https://travis-ci.org/jasonmit/ember-dompurify)

A wrapper around DOMPurify.

Installation

``sh ember i ember-dompurify`

`Helper usage`

`$3`

`hbs {{dom-purify ''}}`

Returns an Ember.String.htmlSafeobject:`html`

`$3`

`js // app/dompurify-hooks/target-blank.js (built-in but an example of the public API) import { Hook } from 'ember-dompurify';

`hbs {{dom-purify 'Link' hook='target-blank'}}`

Result:

`html Link`

_Note_: Multiple hooks can be provided as a string separated by spaces - i.e, {{dom-purify 'Link' hook='hook-one hook-two}})

`$3`

These are commonly used and bundled with ember-dompurify. If you have other hooks you would like to add, please submit a PR or open an issue for a proposal.

#### target-blank

`hbs {{dom-purify 'Link' hook='target-blank'}}`

Result:

`html Link`

`API`

`js import createDOMPurify from 'ember-dompurify';

const dompurify = createDOMPurify(window); dompurify.sanitize(''); // -> type: String, result:`

`Supported Helper Attributes`

All DOMPurify options are supported, DOMPurify options.

Example:`hbs {{dom-purify model.notes keep-content=true}}`

Contributing ------------------------------------------------------------------------------

`$3`

* git clone *cd ember-dompurify*npm install

`$3`

* npm run lint:js*npm run lint:js -- --fix

`$3`

* ember serve`
* Visit the dummy application at http://localhost:4200.

For more information on using ember-cli, visit https://ember-cli.com/.

License
------------------------------------------------------------------------------

This project is licensed under the MIT License

[npm]: https://www.npmjs.org/package/ember-dompurify
[npm-badge]: https://img.shields.io/npm/v/ember-dompurify.svg?style=flat-square