@appex/aurelia-dompurify
TypeScript icon, indicating that this package has built-in type declarations

0.5.0 • Public • Published

aurelia-dompurify

This Aurelia plugin replaces the built in HTMLSanitizer implementation with a DOMPurify based implementation.

Aurelia's default sanitizer should not be used, as it is not meant for production use, as the official documentation states.

Additionally, the plugin supplies a configurable value converter named dompurify for use cases where a default configuration isn't sufficient.

Installing

npm i @appex/aurelia-dompurify
# or
yarn add @appex/aurelia-dompurify

Using

Using DOMPurify's default values:

  aurelia.use
    .standardConfiguration()
    .plugin(PLATFORM.moduleName('@appex/aurelia-dompurify'))

You can also override the default config. Refer to the DOMPurify docs for more information.

  aurelia.use
    .standardConfiguration()
    .plugin(PLATFORM.moduleName('@appex/aurelia-dompurify'), {ALLOWED_TAGS: ['b']})

The dompurify value converter is used like this:

  <p innerHTML.bind="untrustedContent | dompurify"></p>
  <!-- Identical to using Aurelia's sanitizeHTML value converter -->
  <p innerHTML.bind="untrustedContent | sanitizeHTML"></p>
  <!-- With custom configuration -->
  <p innerHTML.bind="untrustedContent | dompurify: {ALLOWED_TAGS: ['i']}"></p>

Package Sidebar

Install

npm i @appex/aurelia-dompurify

Weekly Downloads

277

Version

0.5.0

License

MIT

Unpacked Size

24.9 kB

Total Files

30

Last publish

Collaborators

  • appex-developers