JSPM

  • Downloads 206
  • License MIT

Ember addon to help purify DOM content

Package Exports

  • ember-purify

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (ember-purify) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

Ember-purify

Use this addon when you need to render user-provided HTML content but don't want to trust that content with Ember's Ember.String.htmlSafe or {{{ }}}. It uses DOMPurify to sanitize HTML and SVG. I strongly recommend you watch the video linked under the Inspiration section. See XSS in action in Ember in this twiddle.

Inspiration

The talk "Securing your EmberJS Application" by Philippe De Ryck.

Usage

{{purify-dom '<img src="missing-image.png" onerror=alert(1)//>'}}

will render

<img src="missing-image.png">

Details on DOMPurify, the underlying library, can be found in its README.

Configuration

To configure the purify helper globally, set ENV.APP.purify in your app's config/environment.js:

ENV.APP.purify = {
  // Refer to various config options in DOMPurify's README
};
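
An added example, not from the ember-purify README: a restrictive value for ENV.APP.purify and a small review check that flags options widening the allowlist. It assumes the addon hands this object to DOMPurify as its config; the option names are DOMPurify's, while the allowlist contents, RISKY_TAGS, widenedConfig and auditPurifyConfig are constructed for illustration.

```javascript
// Added example. Assumes ENV.APP.purify is handed to DOMPurify as its config.
// Option names are DOMPurify's; the values and auditPurifyConfig are constructed here.

// Value for ENV.APP.purify in config/environment.js: formatted text and links only.
const purifyConfig = {
  ALLOWED_TAGS: ['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a'],
  ALLOWED_ATTR: ['href', 'title'],
  ALLOW_DATA_ATTR: false,
};

// Tags that run code, embed other documents, or change how the page loads and submits.
const RISKY_TAGS = new Set([
  'script', 'iframe', 'object', 'embed', 'style', 'form', 'base', 'meta', 'link',
]);

// Returns one finding per option that widens the allowlist in a way worth reviewing.
function auditPurifyConfig(config) {
  const findings = [];
  for (const key of ['ALLOWED_TAGS', 'ADD_TAGS']) {
    for (const tag of Array.isArray(config[key]) ? config[key] : []) {
      if (RISKY_TAGS.has(String(tag).toLowerCase())) {
        findings.push(`${key} permits <${tag}>`);
      }
    }
  }
  for (const key of ['ALLOWED_ATTR', 'ADD_ATTR']) {
    for (const attr of Array.isArray(config[key]) ? config[key] : []) {
      const name = String(attr).toLowerCase();
      // Event-handler attributes (onerror, onclick, ...) and iframe srcdoc.
      if (name.startsWith('on') || name === 'srcdoc') {
        findings.push(`${key} permits the ${attr} attribute`);
      }
    }
  }
  if (config.ALLOW_UNKNOWN_PROTOCOLS === true) {
    findings.push('ALLOW_UNKNOWN_PROTOCOLS permits URL schemes outside the default allowlist');
  }
  return findings;
}

// Constructed config that a reviewer should question.
const widenedConfig = {
  ADD_TAGS: ['iframe'],
  ADD_ATTR: ['onerror', 'target'],
  ALLOW_UNKNOWN_PROTOCOLS: true,
};

console.log(auditPurifyConfig(purifyConfig));  // []
console.log(auditPurifyConfig(widenedConfig)); // three findings
```

Running a check like this in CI keeps a later change to the purify options from quietly re-allowing the onerror handler that the Usage example shows being stripped.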

Installation

  • git clone <repository-url> this repository
  • cd ember-purify
  • npm install
  • bower install

Running

Running Tests

  • npm test (Runs ember try:each to test your addon against multiple Ember versions)
  • ember test
  • ember test --server

Building

  • ember build

For more information on using ember-cli, visit http://ember-cli.com/.