ProductPromotion
Logo

Elixir

made by https://0x3d.site

GitHub - elixirstatus/phoenix_html_sanitizer: HTML Sanitizer for Phoenix
HTML Sanitizer for Phoenix. Contribute to elixirstatus/phoenix_html_sanitizer development by creating an account on GitHub.
Visit Site

GitHub - elixirstatus/phoenix_html_sanitizer: HTML Sanitizer for Phoenix

GitHub - elixirstatus/phoenix_html_sanitizer: HTML Sanitizer for Phoenix

Phoenix HTML Sanitizer Deps Status Inline docs

phoenix_html_sanitizer provides a simple way to sanitize user input in your Phoenix app.

It is extracted from the elixirstatus.com project, where it is used to sanitize user annoucements from around the Elixir community.

What can it do?

phoenix_html_sanitizer parses a given HTML string and either completely strips it from HTML tags or sanitizes it by only allowing certain HTML elements and attributes to be present. It depends on html_sanitize_ex to do this.

Installation

Add phoenix_html_sanitizer as a dependency in your mix.exs file.

defp deps do
  [
    # ...
    {:phoenix_html_sanitizer, "~> 1.2"}
  ]
end

After you are done, run mix deps.get in your shell.

To include the Sanitizer into all your views, you can add it to your web.ex file:

    def view do
      quote do
        use Phoenix.View, root: "web/templates"

        [snip]

        # Use all HTML functionality (forms, tags, etc)
        import Phoenix.HTML
        import Phoenix.HTML.Form
        use PhoenixHTMLHelpers
        use PhoenixHtmlSanitizer, :basic_html         <-------- add this line
      end
    end

You have to set one of three base modes here:

  • :strip_tags - all tags are stripped from the input.
  • :basic_html - some basic HTML tags are allowed. This is great for allowing basic usages of HTML for sites like online forums and it works great in combination with a Markdown parser.
  • :full_html - all HTML5 tags are allowed and sanitized.

After you included PhoenixHtmlSanitizer into your web.ex, it will provide two functions in your views:

  • sanitize/1 uses the defined base mode,
  • sanitize/2 takes the mode as second parameter.

Usage in views

sanitize can strip all tags from the given string:

    text = "<a href=\"javascript:alert('XSS');\">text here</a>"
    sanitize(text, :strips_tags)
    # => {:safe, "text here"}

Or allow certain basic HTML elements to remain:

    text = "<h1>Hello <script>World!</script></h1>"
    sanitize(text, :basic_html)
    # => {:safe, "<h1>Hello World!</h1>"}
    text = "<header>Hello <script>World!</script></header>"
    sanitize(text, :full_html)
    # => {:safe, "<header>Hello World!</header>"}

Notice how the output follows the Phoenix.HTML.Safe protocol.

Thus both sanitize/1 and sanitize/2 can be used directly in your views:

<%= sanitize "<h1>Hello <script>World!</script></h1>" %>

This prints <h1>Hello World!</h1> into your eex template.

Contributing

  1. Fork it!
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create new Pull Request

Author

René Föhring (@rrrene)

License

phoenix_html_sanitizer is released under the MIT License. See the LICENSE file for further details.

Articles
to learn more about the elixir concepts.

Resources
which are currently available to browse on.

mail [email protected] to add your project or resources here 🔥.

FAQ's
to know more about the topic.

mail [email protected] to add your project or resources here 🔥.

Queries
or most google FAQ's about Elixir.

mail [email protected] to add more queries here 🔍.

More Sites
to check out once you're finished browsing here.

0x3d
https://www.0x3d.site/
0x3d is designed for aggregating information.
NodeJS
https://nodejs.0x3d.site/
NodeJS Online Directory
Cross Platform
https://cross-platform.0x3d.site/
Cross Platform Online Directory
Open Source
https://open-source.0x3d.site/
Open Source Online Directory
Analytics
https://analytics.0x3d.site/
Analytics Online Directory
JavaScript
https://javascript.0x3d.site/
JavaScript Online Directory
GoLang
https://golang.0x3d.site/
GoLang Online Directory
Python
https://python.0x3d.site/
Python Online Directory
Swift
https://swift.0x3d.site/
Swift Online Directory
Rust
https://rust.0x3d.site/
Rust Online Directory
Scala
https://scala.0x3d.site/
Scala Online Directory
Ruby
https://ruby.0x3d.site/
Ruby Online Directory
Clojure
https://clojure.0x3d.site/
Clojure Online Directory
Elixir
https://elixir.0x3d.site/
Elixir Online Directory
Elm
https://elm.0x3d.site/
Elm Online Directory
Lua
https://lua.0x3d.site/
Lua Online Directory
C Programming
https://c-programming.0x3d.site/
C Programming Online Directory
C++ Programming
https://cpp-programming.0x3d.site/
C++ Programming Online Directory
R Programming
https://r-programming.0x3d.site/
R Programming Online Directory
Perl
https://perl.0x3d.site/
Perl Online Directory
Java
https://java.0x3d.site/
Java Online Directory
Kotlin
https://kotlin.0x3d.site/
Kotlin Online Directory
PHP
https://php.0x3d.site/
PHP Online Directory
React JS
https://react.0x3d.site/
React JS Online Directory
Angular
https://angular.0x3d.site/
Angular JS Online Directory