npm install ember-purify

Ember-purify

![Travis CI Build Status](https://travis-ci.org/sivakumar-kailasam/ember-purify) ![Ember Observer Score](http://emberobserver.com/addons/ember-purify)

When you need to render user provided HTML content but don't want to trust the user content with Ember's Ember.String.htmlSafe or {{{ }}}.
Uses DOMPurify to sanitize HTML & SVG. I strongly recommend you watch the video linked under the inspiration section. See XSS in action in Ember in this twiddle.

You can also run ember serve to see the above mentioned approaches along with the purify-dom helper. Inspect the DOM on all three broken images to see the difference.

Installation

``shell ember install ember-purify`

`Usage`

For templates,`handlebars {{purify-dom ''}}`will render`html`

To use it in js,`js import { sanitize } from 'dompurify';`Note that global config isn't applied to the functions imported in JS.

Details on DOMPurify, the underlying library can be found in its README

`Configuration`

To configure the purify helper globally in your app's config/environment.js,`js ENV.APP.purify = { // Refer to various config options in DOMPurify's README };`In addition to the global configuration you can also pass the config to the helper which can either be merged to the global config(by default) or replaced(by passing overrideConfig=true)`handlebars {{purify-dom "" config=(hash ALLOW_DATA_ATTR=false) overrideConfig=true}}`

`Inspiration`

Securing your EmberJS Application talk By Philippe De Ryck.

`Installation`

* git clone this repository *cd ember-purify*npm install or yarn

`Running`

* ember serve* Visit your app at http://localhost:4200.

`Running Tests`

* npm test (Runs ember try:eachto test your addon against multiple Ember versions) *ember test*ember test --server

`Building`

* ember build`

For more information on using ember-cli, visit http://ember-cli.com/.

[ember-version]: https://embadge.io/v1/badge.svg?start=1.13.0