HTML sanitizer shard

straight-shoota · May 28, 2020, 8:21pm

I’ve created a shard for sanitizing HTML (or XML) documents or fragments. If you have a web application that renders untrusted HTML you should make sure to have a sanitizer to prevent XSS attacks and other potentially harmfull doings. That includes rendering markdown.

Since this is a very typical application, there’s a dedicated example how to integrate with Crystal’s most popular Markdown shard markd.

I’m hoping to receive some reviews on this shard. This is quite a serious matter for production apps. So I’d appreciate anyone looking into it. Please try to break it =)

Besides having a solid filtering mechanism, a key component is to provide good defaults for common use cases. That’s where the different standard configurations come into play. Do they make sense for your use cases?

mavu · May 29, 2020, 9:27am

Anyone else read the title as HAND sanitizer shard?

wontruefree · May 29, 2020, 7:38pm

This is awesome. What are the web frameworks currently using to sanitize HTML?

Topic		Replies	Views
What do you think is the most fleshed out HTML parsing shard? Help & Support	3	339	February 4, 2019
Websites for programmers using Crystal Community	9	1113	June 23, 2021
[Screencast] Lucky framework's unique take on rendering HTML with plain Crystal methods Learning Resources	1	613	August 27, 2020
Reed Solomon shard or equivalent Community	3	77	September 26, 2024
Crystal from a newbies perspective News	7	498	May 5, 2023

HTML sanitizer shard

Related topics