HTML sanitizer shard

straight-shoota · May 28, 2020, 8:21pm

I’ve created a shard for sanitizing HTML (or XML) documents or fragments. If you have a web application that renders untrusted HTML you should make sure to have a sanitizer to prevent XSS attacks and other potentially harmfull doings. That includes rendering markdown.

Since this is a very typical application, there’s a dedicated example how to integrate with Crystal’s most popular Markdown shard markd.

I’m hoping to receive some reviews on this shard. This is quite a serious matter for production apps. So I’d appreciate anyone looking into it. Please try to break it =)

Besides having a solid filtering mechanism, a key component is to provide good defaults for common use cases. That’s where the different standard configurations come into play. Do they make sense for your use cases?

mavu · May 29, 2020, 9:27am

Anyone else read the title as HAND sanitizer shard?

wontruefree · May 29, 2020, 7:38pm

This is awesome. What are the web frameworks currently using to sanitize HTML?

Topic		Replies	Views
Need Object taint Community	6	560	December 9, 2020
Missing docs in crystal compiler Help & Support	4	136	May 8, 2026
A small utility to convert markdown to html (for publishing on social media, Medium, etc) News	3	664	May 6, 2022
What do you think is the most fleshed out HTML parsing shard? Help & Support	3	425	February 4, 2019
Hosted documentation site Community	32	1959	April 14, 2020

HTML sanitizer shard

Related topics