1. module sanitize-html
   1. function sanitize-html (html, options, _recursing)
   2. function sanitize-html.simpleTransform (newTagName, newAttribs, merge)
   3. object sanitize-html.defaults

module sanitize-html

function sanitize-html (html, options, _recursing)

• description and source-code

  function sanitizeHtml(html, options, _recursing) {
    var result = '';
  
    function Frame(tag, attribs) {
      var that = this;
      this.tag = tag;
      this.attribs = attribs || {};
      this.tagPosition = result.length;
      this.text = ''; // Node inner text
  
      this.updateParentNodeText = function() {
        if (stack.length) {
            var parentFrame = stack[stack.length - 1];
            parentFrame.text += that.text;
        }
      };
    }
  
    if (!options) {
      options = sanitizeHtml.defaults;
      options.parser = htmlParserDefaults;
    } else {
      options = extend(sanitizeHtml.defaults, options);
      if (options.parser) {
        options.parser = extend(htmlParserDefaults, options.parser);
      } else {
        options.parser = htmlParserDefaults;
      }
    }
  
    // Tags that contain something other than HTML, or where discarding
    // the text when the tag is disallowed makes sense for other reasons.
    // If we are not allowing these tags, we should drop their content too.
    // For other tags you would drop the tag but keep its content.
    var nonTextTagsArray = options.nonTextTags || [ 'script', 'style', 'textarea' ];
    var allowedAttributesMap;
    var allowedAttributesGlobMap;
    if(options.allowedAttributes) {
      allowedAttributesMap = {};
      allowedAttributesGlobMap = {};
      each(options.allowedAttributes, function(attributes, tag) {
        allowedAttributesMap[tag] = [];
        var globRegex = [];
        attributes.forEach(function(name) {
          if(name.indexOf('*') >= 0) {
            globRegex.push(quoteRegexp(name).replace(/\\\*/g, '.*'));
          } else {
            allowedAttributesMap[tag].push(name);
          }
        });
        allowedAttributesGlobMap[tag] = new RegExp('^(' + globRegex.join('|') + ')$');
      });
    }
    var allowedClassesMap = {};
    each(options.allowedClasses, function(classes, tag) {
      // Implicitly allows the class attribute
      if(allowedAttributesMap) {
        if (!has(allowedAttributesMap, tag)) {
          allowedAttributesMap[tag] = [];
        }
        allowedAttributesMap[tag].push('class');
      }
  
      allowedClassesMap[tag] = classes;
    });
  
    var transformTagsMap = {};
    var transformTagsAll;
    each(options.transformTags, function(transform, tag) {
      var transFun;
      if (typeof transform === 'function') {
        transFun = transform;
      } else if (typeof transform === "string") {
        transFun = sanitizeHtml.simpleTransform(transform);
      }
      if (tag === '*') {
        transformTagsAll = transFun;
      } else {
        transformTagsMap[tag] = transFun;
      }
    });
  
    var depth = 0;
    var stack = [];
    var skipMap = {};
    var transformMap = {};
    var skipText = false;
    var skipTextDepth = 0;
  
    var parser = new htmlparser.Parser({
      onopentag: function(name, attribs) {
        if (skipText) {
          skipTextDepth++;
          return;
        }
        var frame = new Frame(name, attribs);
        stack.push(frame);
  
        var skip = false;
        var hasText = frame.text ? true : false;
        var transformedTag;
        if (has(transformTagsMap, name)) {
          transformedTag = transformTagsMap[name](name, attribs);
  
          frame.attribs = attribs = transformedTag.attribs;
  
          if (transformedTag.text !== undefined) {
            frame.innerText = transformedTag.text;
          }
  
          if (name !== transformedTag.tagName) {
            frame.name = name = transformedTag.tagName;
            transformMap[depth] = transformedTag.tagName;
          }
        }
        if (transformTagsAll) {
          transformedTag = transformTagsAll(name, attribs);
  
          frame.attribs = attribs = transformedTag.attribs;
          if (name !== transformedTag.tagName) {
            frame.name = name = transformedTag.tagName;
            transformMap[depth] = transformedTag.tagName;
          }
        }
  
        if (options.allowedTags && options.allowedTags.indexOf(name) === -1) {
          skip = true;
          if (nonTextTagsArray.indexOf(name) !== -1) {
            skipText = true;
            skipTextDepth = 1;
          }
          skipMap[depth] = true;
        }
        depth++;
        if (skip) {
          // We want the contents but not this tag ...

• example usage

  n/a

function sanitize-html.simpleTransform (newTagName, newAttribs, merge)

• description and source-code

  simpleTransform = function (newTagName, newAttribs, merge) {
    merge = (merge === undefined) ? true : merge;
    newAttribs = newAttribs || {};
  
    return function(tagName, attribs) {
      var attrib;
      if (merge) {
        for (attrib in newAttribs) {
          attribs[attrib] = newAttribs[attrib];
        }
      } else {
        attribs = newAttribs;
      }
  
      return {
        tagName: newTagName,
        attribs: attribs
      };
    };
  }

• example usage

  ...
  You can specify the `*` wildcard instead of a tag name to transform all tags.
  
  There is also a helper method which should be enough for simple cases in which you want to change the tag and/or add some attributes
  :
  
  ```js
  clean = sanitizeHtml(dirty, {
    transformTags: {
      'ol': sanitizeHtml.simpleTransform('ul', {class: 'foo'
  ;}),
    }
  });
  ```
  
  The `simpleTransform` helper method has 3 parameters:
  
  ```js
  ...