xss-sanitize 0.3.4 → 0.3.4.1
raw patch · 2 files changed
+8/−6 lines, 2 filesdep ~text
Dependency ranges changed: text
Files
- README.md +4/−2
- xss-sanitize.cabal +4/−4
README.md view
@@ -1,8 +1,10 @@ # Summary xss-sanitize allows you to accept html from untrusted sources by first filtering it through a white list.-For example, this allows a web application to safely use a rich text editor or allow html in comments.+The white list filtering is fairly comprehensive, including support for css in style attributes, but there are limitations enumerated below. +Sanitizing allows a web application to safely use a rich text editor, allow html in comments, or otherwise display untrusted HTML.+ If you trust the HTML (you wrote it), you do not need to use this. If you don't trust the html you probably also do not trust that the tags are balanced and should use the sanitizeBalance function. @@ -66,7 +68,7 @@ ### style attribute -style attributes are now parsed with the css-text and autoparsec-text dependencies. They are then ran through a white list for properties and keywords. Whitespace is not preserved. This code was again translated from sanitizer.py, but uses attopoarsec instead of regexes. If you don't care about stripping css you can avoid the attoparsec dependendcy by using the older < 0.3 version of this library.+style attributes are now parsed with the css-text and autoparsec-text dependencies. They are then ran through a white list for properties and keywords. Whitespace is not preserved. This code was again translated from sanitizer.py, but uses attoparsec instead of regexes. If you don't care about stripping css you can avoid the attoparsec dependendcy by using the older < 0.3 version of this library. ### data attributes
xss-sanitize.cabal view
@@ -1,5 +1,5 @@ name: xss-sanitize-version: 0.3.4+version: 0.3.4.1 license: BSD3 license-file: LICENSE author: Greg Weber <greg@gregweber.info>@@ -15,12 +15,12 @@ extra-source-files: README.md library- build-depends: base == 4.*, containers+ build-depends: base == 4.*, containers , tagsoup >= 0.12.2 && < 1 , utf8-string >= 0.3 && < 1 , network >= 2 && < 3 , css-text >= 0.1.1 && < 0.2- , text >= 0.11 && < 1+ , text >= 0.11 && < 2 , attoparsec >= 0.10.0.3 && < 1 @@ -32,7 +32,7 @@ type: exitcode-stdio-1.0 main-is: test/main.hs cpp-options: -DTEST- build-depends: base == 4.* , containers+ build-depends: base == 4.* , containers , tagsoup >= 0.12.2 && < 1 , utf8-string >= 0.3 && < 1 , network >= 2 && < 3