vhad/DefinitelyTyped
1
0
Fork 0
mirror of https://github.com/gosticks/DefinitelyTyped.git synced 2025-10-16 12:05:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
bec5648ef7
DefinitelyTyped/dompurify/dompurify-tests.ts
bazuzi 5b053a7579 Expand typings for DOMPurify 
- A config can be passed in when using sanitize and the
same config object is passed into the addHook callback.

- Depending on config options, sanitize may return a DOM Node.

- The basic examples from the DOMPurify README will confirm
that the config object can be used flexibly with sanitize.
2015-08-25 17:41:34 -04:00

58 lines
2.2 KiB
TypeScript
Raw Blame History

/// <reference path="dompurify.d.ts" />
import dompurify = require('dompurify');
dompurify.sanitize('<script>alert("hi")</script>');
dompurify.addHook('beforeSanitizeElements', (el, data, config) => {
return el;
});
//examples from the DOMPurify README
let dirty = '<script>alert("hi")</script><p>Totally safe<p><p onerror="blowUp()">Totally not safe</p>';
// allow only <b>
dompurify.sanitize(dirty, {ALLOWED_TAGS: ['b']});
// allow only <b> and <q> with style attributes (for whatever reason)
dompurify.sanitize(dirty, {ALLOWED_TAGS: ['b', 'q'], ALLOWED_ATTR: ['style']});
// leave all as it is but forbid <style>
dompurify.sanitize(dirty, {FORBID_TAGS: ['style']});
// leave all as it is but forbid style attributes
dompurify.sanitize(dirty, {FORBID_ATTR: ['style']});
// extend the existing array of allowed tags
dompurify.sanitize(dirty, {ADD_TAGS: ['my-tag']});
// extend the existing array of attributes
dompurify.sanitize(dirty, {ADD_ATTR: ['my-attr']});
// prohibit HTML5 data attributes (default is true)
dompurify.sanitize(dirty, {ALLOW_DATA_ATTR: false});
// return a DOM HTMLBodyElement instead of an HTML string (default is false)
dompurify.sanitize(dirty, {RETURN_DOM: true});
// return a DOM DocumentFragment instead of an HTML string (default is false)
dompurify.sanitize(dirty, {RETURN_DOM_FRAGMENT: true});
// return a DOM DocumentFragment instead of an HTML string (default is false)
// also import it into the current document (default is false).
// RETURN_DOM_IMPORT must be set if you would like to append
// the returned node to the current document
let clean = dompurify.sanitize(dirty, {RETURN_DOM_FRAGMENT: true, RETURN_DOM_IMPORT: true});
document.body.appendChild(clean);
// return entire document including <html> tags (default is false)
dompurify.sanitize(dirty, {WHOLE_DOCUMENT: true});
// make output safe for usage in jQuery's $()/html() method (default is false)
dompurify.sanitize(dirty, {SAFE_FOR_JQUERY: true});
// disable DOM Clobbering protection on output (default is true, handle with care!)
dompurify.sanitize(dirty, {SANITIZE_DOM: false});
// discard an element's content when the element is removed (default is true)
dompurify.sanitize(dirty, {KEEP_CONTENT: false});
Reference in New Issue View Git Blame Copy Permalink