Safe Haskell | Safe-Inferred |
---|---|
Language | Haskell2010 |
Sanitize HTML to prevent XSS attacks.
See README.md http://github.com/gregwebs/haskell-xss-sanitize for more details.
Synopsis
- sanitize :: Text -> Text
- sanitizeBalance :: Text -> Text
- sanitizeXSS :: Text -> Text
- filterTags :: ([Tag Text] -> [Tag Text]) -> Text -> Text
- safeTags :: [Tag Text] -> [Tag Text]
- safeTagsCustom :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> [Tag Text] -> [Tag Text]
- clearTags :: [Tag Text] -> [Tag Text]
- clearTagsCustom :: (Text -> Bool) -> [Tag Text] -> [Tag Text]
- balanceTags :: [Tag Text] -> [Tag Text]
- safeTagName :: Text -> Bool
- sanitizeAttribute :: (Text, Text) -> Maybe (Text, Text)
- sanitaryURI :: Text -> Bool
Sanitize
sanitize :: Text -> Text Source #
Sanitize HTML to prevent XSS attacks. This is equivalent to filterTags safeTags.
sanitizeBalance :: Text -> Text Source #
Sanitize HTML to prevent XSS attacks and also make sure the tags are balanced. This is equivalent to filterTags (balanceTags . safeTags).
sanitizeXSS :: Text -> Text Source #
Alias of the sanitize function.
Custom filtering
filterTags :: ([Tag Text] -> [Tag Text]) -> Text -> Text Source #
Parse the given text to a list of tags, apply the given filtering function, and render back to HTML. You can insert your own custom filtering, but make sure you compose your filtering function with safeTags and clearTags, or with safeTagsCustom and clearTagsCustom.
safeTags :: [Tag Text] -> [Tag Text] Source #
Filters out unsafe tags and sanitizes attributes. Use with filterTags to create a custom filter.
safeTagsCustom
    :: (Text -> Bool)                        Select safe tags, like safeTagName
    -> ((Text, Text) -> Maybe (Text, Text))  Sanitize attributes, like sanitizeAttribute
    -> [Tag Text]
    -> [Tag Text]
Filters out unsafe tags and sanitizes attributes, like safeTags, but uses custom functions for determining which tags are safe and for sanitizing attributes. This allows you to add or remove specific tags or attributes on the white list, or to use your own white list.
safeTagsCustom safeTagName sanitizeAttribute is equivalent to safeTags.
Since: 0.3.6
clearTagsCustom :: (Text -> Bool) -> [Tag Text] -> [Tag Text] Source #
Directly removes tags, like clearTags, but uses a custom function for determining which tags are safe.
clearTagsCustom clearableTagName is equivalent to clearTags.
balanceTags :: [Tag Text] -> [Tag Text] Source #
Filter which makes sure the tags are balanced. Use with filterTags and safeTags to create a custom filter.
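The custom-filtering functions above are meant to be composed into a single pipeline and handed to filterTags. The following is an added example, not code from the xss-sanitize library or its README: it builds a sanitizer that is stricter than the default by narrowing the tag predicate on top of safeTagName, restricting attributes to a small allow list (still passing them through sanitizeAttribute so the URI checks apply), clearing script-like elements together with their contents via clearTagsCustom, and balancing the result. The names strictTagName, strictAttribute, shouldClear, strictFilter and strictSanitize, and the blocked/allowed lists, are this example's own policy choices. It needs the xss-sanitize and tagsoup packages.

```haskell
{-# LANGUAGE OverloadedStrings #-}
-- Added example: a stricter sanitizer built from the custom filtering API of
-- Text.HTML.SanitizeXSS. Not part of the library; every policy list below is
-- an assumption made for this example.
module Main where

import           Data.Text             (Text)
import qualified Data.Text.IO          as TIO
import           Text.HTML.SanitizeXSS (balanceTags, clearTagsCustom, filterTags,
                                        safeTagName, safeTagsCustom,
                                        sanitizeAttribute)
import           Text.HTML.TagSoup     (Tag)

-- Tag policy: start from the library's safeTagName, then refuse a few
-- elements even where the default white list would allow them
-- (anything that fetches a remote resource or submits data).
strictTagName :: Text -> Bool
strictTagName name = safeTagName name && name `notElem` blocked
  where
    blocked = ["img", "form", "input", "button", "select", "textarea"]

-- Attribute policy: only these attribute names survive, and each survivor is
-- still run through the library's sanitizeAttribute so that href values are
-- checked with the URI rules (e.g. a javascript: URI is dropped).
strictAttribute :: (Text, Text) -> Maybe (Text, Text)
strictAttribute attr@(name, _)
  | name `elem` ["href", "title", "class"] = sanitizeAttribute attr
  | otherwise                              = Nothing

-- Elements whose contents must be removed, not merely their tags.
-- Clearing runs before tag filtering: if safeTagsCustom ran first, it would
-- strip the <script> tags but leave the script body behind as text.
shouldClear :: Text -> Bool
shouldClear name = name `elem` ["script", "style", "noscript"]

-- The composed filter. Composition is right-to-left: clear, then filter
-- tags and attributes, then balance whatever remains.
strictFilter :: [Tag Text] -> [Tag Text]
strictFilter =
  balanceTags . safeTagsCustom strictTagName strictAttribute . clearTagsCustom shouldClear

-- Parse, filter, render: the same shape as the library's own sanitize,
-- but with the stricter pipeline.
strictSanitize :: Text -> Text
strictSanitize = filterTags strictFilter

main :: IO ()
main = do
  -- Constructed sample input for this example.
  let untrusted =
           "<p onclick=\"x()\">Hi <a href=\"javascript:alert(1)\" title=\"t\">link</a>"
        <> "<script>steal()</script>"
        <> "<img src=\"http://example.com/a.png\">"
  TIO.putStrLn (strictSanitize untrusted)
```

Running main shows the onclick attribute gone (not on the allow list), the javascript: href dropped by sanitizeAttribute while title is kept, the script element removed with its body, the img element removed by strictTagName, and the unclosed paragraph closed by balanceTags.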
Utilities
safeTagName :: Text -> Bool Source #
sanitizeAttribute :: (Text, Text) -> Maybe (Text, Text) Source #
Low-level API if you have your own HTML parser. Used by safeTags.
sanitaryURI :: Text -> Bool Source #
Returns True if the specified URI is not a potential security risk.