Lib.rs

Web programming
#html #allowlist #filter #w3c #standard #settings #purifier

html-purifier

HTML Purifier

by mehmetcan

4 releases (2 breaking)

0.3.0 Jan 31, 2024
0.2.0 Feb 29, 2020
0.1.1 Feb 25, 2020
0.1.0 Feb 24, 2020

#1350 in Web programming

Download history 79/week @ 2024-01-01 4/week @ 2024-01-08 3/week @ 2024-01-29 3/week @ 2024-02-19 28/week @ 2024-02-26 19/week @ 2024-03-11 26/week @ 2024-03-18 40/week @ 2024-03-25

86 downloads per month

MIT/Apache

10KB
162 lines

HTML Purifier

GHA Build Status MIT licensed crates.io Released API docs

HTML Purifier is a standard HTML filter library.

HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. HTML Purifier

Example

use html_purifier::{purifier, Settings};

let settings = Settings {
    ..Settings::default()
};
let input = r#"<a href="/test" style="color: black;"><img src="/logo.png" onerror="javascript:;"/>Rust</a>"#;
let output = purifier(input, settings);

Input HTML

<a href="/test" style="color: black;"
  ><img src="/logo.png" onerror="javascript:;" />Rust</a
>

Output HTML

<a href="/test"><img src="/logo.png" />Rust</a>

Dependencies

~8.5MB
~221K SLoC