README.md
In trestletech/sanitizer: Sanitize HTML

sanitizer

Sanitize HTML in R. Here’s an example of a markdown strings that includes a potentially malicious script tag. It also has a target attribute in the <a> tag which we don’t allow by default. You can see that we render the markdown to HTML and then sanitize the resultant HTML to only allow the approved tags and attributes.

html <- paste0('<div><a href="https://github.com" target="_blank">',
  'Link here</a><script>something bad</script></div>')
sanitize_markdown(paste0('**hi** there ', html))
#> [1] "<p><strong>hi</strong> there <div><a href=\"https://github.com\">Link here</a></div></p>\n"

sanitize_html(html)
#> [1] "<div><a href=\"https://github.com\">Link here</a></div>\n"

node <- xml2::read_xml(html)
san <- sanitize_node(node)
as.character(san, options=c("no_declaration"))
#> [1] "<div><a href=\"https://github.com\">Link here</a></div>\n"

trestletech/sanitizer documentation built on Dec. 23, 2021, 12:04 p.m.

rdrr.io home R language documentation Run R code online

CRAN packages Bioconductor packages R-Forge packages GitHub packages

Note that we can't provide technical support on individual packages. You should contact the package authors for that.

Tweet to @rdrrHQ

GitHub issue tracker

ian@mutexlabs.com