ai/nanopurify

Stars
7
Rank 2,294,772 (Top 46 %)
Language
JavaScript
License
MIT License
Created 10 months ago
Updated 10 months ago

ai/nanopurify

ai

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

A tiny (from 337 bytes) HTML sanitizer

Nano Purify

JS library to remove all dangerous HTML tags to prevent XSS attacks.

Small. From 326 to 613 bytes (minified and brotlied). DOMPurify takes 7 KB in JS bundle.
TypeScript support out-of-the-box.
It uses browser’s DOMParser for better performance. You need to use jsdom for Node.js.

import { sanitize, SAFE_TAGS } from 'nanopurify'

sanitize('<script>alert(1)</script> <b>Safe</b> Text', SAFE_TAGS)
//=> ' <b>Safe</b> Text'

sanitize('<b>Safe</b> Text')
//=> ' Text'

This project is based on DOMPurify by Cure53 with features reduction, API refactoring and code cleaning for smaller JS bundle footprint. Use DOMPurify if you need MathML, SVG, forms or any advanced features.

Made in Evil Martians, product consulting for developer tools.

Install

npm install nanopurify

Usage

You can change list of safe tags:

sanitize(html, {
  // Allow-list of tags
  a: {
    // Allow-list of attributes for this tag
    href: /^(https?|mailto|tel):/,
  },
  '*': {
    // Allow-list of attributes for all tags
    title: true
  }
})

It uses browser’s DOMParser. For Node.js you will need to use jsdom:

import { JSDOM } from 'jsdom'

const window = new JSDOM().window

sanitize(html, SAFE_TAGS, window)

nanoid

A tiny (124 bytes), secure, URL-friendly, unique string ID generator for JavaScript

easings.net

Easing Functions Cheat Sheet

size-limit

Calculate the real cost to run your JS app or lib to keep good performance. Show error in pull request if the cost exceeds the limit.

visibilityjs

Wrapper for the Page Visibility API

nanoevents

Simple and tiny (107 bytes) event emitter library for JavaScript

autoprefixer-rails

Autoprefixer for Ruby and Ruby on Rails

nanocolors

Use picocolors instead. It is 3 times smaller and 50% faster.

audio-recorder-polyfill

MediaRecorder polyfill to record audio in Edge and Safari

keyux

JS library to improve keyboard UI of web apps

webp-in-css

PostCSS plugin and tiny JS script (131 bytes) to use WebP in CSS background

offscreen-canvas

Polyfill for OffscreenCanvas to move Three.js/WebGL/2D canvas to Web Worker

convert-layout

JS library to convert text from one keyboard layout to other

ssdeploy

Netlify replacement to deploy simple websites with better flexibility, speed and without vendor lock-in

environment

My home config, scripts and installation process

nanodelay

A tiny (37 bytes) Promise wrapper around setTimeout

dual-publish

Publish JS project as dual ES modules and CommonJS package to npm

nanospy

Spy and mock methods in tests with great TypeScript support

check-dts

Unit tests for TypeScript definitions in your JS open source library

autoprefixer-core

autoprefixer-core was depreacted, use autoprefixer

transition-events

jQuery plugin to set listeners to CSS Transition animation end or specific part

evil-blocks

Tiny framework for web pages to split your app to separated blocks

rails-sass-images

Sass functions and mixins to inline images and get images size

compass.js

Compass.js allow you to get compass heading in JavaScript by PhoneGap, iOS API or GPS hack.

evil-front

Helpers for frontend from Evil Martians

rake-completion

Bash completion support for Rake

yaspeller-ci

Fast spelling check for Travis CI

jquery-cdn

Best way to use latest jQuery in Ruby app

sitnik.ru

My homepage content and scripts

pages.js

fotoramajs

Fotorama for Ruby on Rails

about-postcss

Keynotes about PostCSS

autohide-battery

GNOME Shell extension to hide battery icon in top panel, if battery is fully charged and AC is connected.

darian

Darian Mars calendar converter

better-node-test

The CLI shortcut for node --test runner with TypeScript

plain_record

Data persistence with human readable and editable storage.

evolu-lang

Programming language to automatically generate programs by evolution (genetic programming).

martian-logux-demo

hide-keyboard-layout

GNOME Shell extension to hide keyboard layout indicator in status bar

twitter2vk

Script to automatically repost statuses from Twitter to VK (В Контакте)

asdf-cache-action

A Github Action to install runtimes by asdf CLI with a cache

ci-job-number

Return CI job number to run huge tests only on first job

print-snapshots

Print Jest snapshots to check CLI output of your tool

load-resources

Load all JS/CSS files from site website

susedko

Fedora CoreOS ignition config for my home server

file-container

Store different languages in one source file

postcss-isolation

Fix global CSS with PostCSS

autoprefixer-cli

CLI for Autoprefixer

d2na

D²NA language for genetic programming

showbox

Keynote generator

boilerplates

Boilerplate for my open source projects

postcss-way

Keynotes about PostCSS way

gulp-bench-summary

Display gulp-bench results in nice table view

universal-layout

Универсальная раскладка Ситника

anim2012

Доклад «Анимации по-новому — лень, гордыня и нетерпимость»

ai

rit3d

Доклад «Веб, теперь в 3D: Практика»

dis.spbstu.ru

Department homepage

jstransformer-lowlight

Lowlight support for JSTransformers

jest-ci

CLI for Jest test framework, but coverage only on first CI job

evolu-steam

Evolu Steam – evolutionary computation for JavaScript

insomnis

Текст блогокниги «Инсомнис»

plague

Blog/book Plague engine

wsd2013

Презентация «Автопрефиксер: мир без CSS-префиксов»

showbox-bright

Shower Bright theme for Showbox

ruby2jar

Ruby2Jar builds JAR from a Ruby script

showbox-ai

Sitnik’s theme for ShowBox

showbox-shower

Shower for ShowBox

on_the_islands