The Crystal Programming Language Forum

HTML sanitizer shard

https://shardbox.org/shards/sanitize

I’ve created a shard for sanitizing HTML (or XML) documents or fragments. If you have a web application that renders untrusted HTML you should make sure to have a sanitizer to prevent XSS attacks and other potentially harmful doings. That includes rendering markdown.

Since this is a very typical application, there’s a dedicated example of how to integrate with Crystal’s most popular Markdown shard markd.

I’m hoping to receive some reviews on this shard. This is quite a serious matter for production apps. So I’d appreciate anyone looking into it. Please try to break it =)

Besides having a solid filtering mechanism, a key component is to provide good defaults for common use cases. That’s where the different standard configurations come into play. Do they make sense for your use cases?

4 Likes
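As an added example (not code from the shard or from the post above), here is the allowlist approach the post describes: keep only a known-safe set of tags and of attributes per tag, reject URL attributes whose scheme is not on a short list, drop script-like elements together with their content, and re-escape all text. It is written in Python on the standard-library html.parser rather than in Crystal so it runs without the shard; the tag, attribute and scheme lists are an assumed "common" policy, not the shard's actual defaults.

```python
"""Allowlist HTML sanitizer (added example, not the sanitize shard's code)."""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumed policy: tag -> attributes allowed on that tag. Everything else is dropped.
ALLOWED_TAGS = {
    "a": {"href", "title"},
    "img": {"src", "alt"},
    "p": set(), "br": set(), "b": set(), "i": set(), "em": set(),
    "strong": set(), "code": set(), "pre": set(), "blockquote": set(),
    "ul": set(), "ol": set(), "li": set(),
}
VOID_TAGS = {"br", "img"}                  # never emit a closing tag for these
URL_ATTRS = {"href", "src"}                # attribute values interpreted as URLs
ALLOWED_SCHEMES = {"http", "https", "mailto"}
# Elements whose content is dropped as well, not just the tag itself.
DROP_WITH_CONTENT = {"script", "style", "iframe", "object", "embed", "noscript"}


def safe_url(value):
    """Allow relative URLs and the listed schemes; reject javascript:, data:, etc."""
    # Browsers strip tab/newline inside URLs and trim surrounding whitespace,
    # so "java\tscript:" still executes. Remove all C0 controls and spaces
    # before looking at the scheme; being stricter than the browser is fine.
    cleaned = "".join(ch for ch in value if ord(ch) > 0x20)
    scheme = urlsplit(cleaned).scheme        # urlsplit lowercases the scheme
    return scheme == "" or scheme in ALLOWED_SCHEMES


class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)  # entities decoded before we see them
        self.out = []
        self.open_tags = []      # allowed tags currently open, innermost last
        self.skip_depth = 0      # > 0 while inside a DROP_WITH_CONTENT element

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth += 1
            return
        if tag in DROP_WITH_CONTENT:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return                           # drop the tag but keep its text
        kept = []
        for name, value in attrs:            # names arrive lowercased
            if name not in ALLOWED_TAGS[tag]:
                continue                     # onclick=, style=, class= ... gone
            value = value or ""
            if name in URL_ATTRS and not safe_url(value):
                continue                     # javascript:/data: URL dropped
            kept.append(f' {name}="{escape(value, quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")
        if tag not in VOID_TAGS:
            self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_WITH_CONTENT:
                self.skip_depth -= 1
            return
        if tag not in self.open_tags:
            return                           # stray or disallowed closing tag
        while self.open_tags:                # close inner tags first: output stays well nested
            inner = self.open_tags.pop()
            self.out.append(f"</{inner}>")
            if inner == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))

    # Comments, <!DOCTYPE>, <?pi ?> and <![CDATA[ ]]> never reach the output.
    def handle_comment(self, data): pass
    def handle_decl(self, decl): pass
    def handle_pi(self, data): pass
    def unknown_decl(self, data): pass

    def result(self):
        self.close()
        while self.open_tags:                # close whatever the input left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize(html):
    parser = AllowlistSanitizer()
    parser.feed(html)
    return parser.result()


if __name__ == "__main__":
    # Constructed inputs of the kind a Markdown renderer can pass straight through.
    for sample in [
        '<p>Hello <b>world</b></p>',
        '<a href="javascript:alert(1)" onclick="x()">click</a>',
        '<img src=x onerror=alert(1)>',
        '<script>alert(1)</script>safe',
        '<b>unclosed <i>tags',
    ]:
        print(repr(sample), "->", repr(sanitize(sample)))
```

For the Markdown case the post mentions, the renderer's HTML output is simply fed through sanitize() before it reaches the template; the policy lives in the sanitizer, so it covers raw HTML embedded in the Markdown as well. One caveat: html.parser is a tolerant tokenizer, not an HTML5 tree builder, so a production sanitizer should parse with the same algorithm the browser uses, or mutation-XSS and parser-differential inputs can be serialized differently from how the browser reads them back; treat this block as the policy logic, not as a drop-in component.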

Anyone else read the title as HAND sanitizer shard?

3 Likes

This is awesome. What are the web frameworks currently using to sanitize HTML?