Safe Haskell	Safe-Inferred
Language	Haskell2010

Text.HTML.SanitizeXSS

Contents

Sanitize
Custom filtering
Utilities

Description

Sanatize HTML to prevent XSS attacks.

See README.md http://github.com/gregwebs/haskell-xss-sanitize for more details.

Synopsis

sanitize :: Text -> Text
sanitizeBalance :: Text -> Text
sanitizeXSS :: Text -> Text
filterTags :: ([Tag Text] -> [Tag Text]) -> Text -> Text
safeTags :: [Tag Text] -> [Tag Text]
safeTagsCustom :: (Text -> Bool) -> ((Text, Text) -> Maybe (Text, Text)) -> [Tag Text] -> [Tag Text]
clearTags :: [Tag Text] -> [Tag Text]
clearTagsCustom :: (Text -> Bool) -> [Tag Text] -> [Tag Text]
balanceTags :: [Tag Text] -> [Tag Text]
safeTagName :: Text -> Bool
sanitizeAttribute :: (Text, Text) -> Maybe (Text, Text)
sanitaryURI :: Text -> Bool

Sanitize

sanitize :: Text -> Text Source #

Sanitize HTML to prevent XSS attacks. This is equivalent to filterTags safeTags.

sanitizeBalance :: Text -> Text Source #

Sanitize HTML to prevent XSS attacks and also make sure the tags are balanced. This is equivalent to filterTags (balanceTags . safeTags).

sanitizeXSS :: Text -> Text Source #

alias of sanitize function

Custom filtering

filterTags :: ([Tag Text] -> [Tag Text]) -> Text -> Text Source #

Parse the given text to a list of tags, apply the given filtering function, and render back to HTML. You can insert your own custom filtering, but make sure you compose your filtering function with safeTags and clearTags or safeTagsCustom and clearTagsCustom.

safeTags :: [Tag Text] -> [Tag Text] Source #

Filters out unsafe tags and sanitizes attributes. Use with filterTags to create a custom filter.

safeTagsCustom Source #

Arguments

:: (Text -> Bool)	Select safe tags, like `safeTagName`
-> ((Text, Text) -> Maybe (Text, Text))	Sanitize attributes, like `sanitizeAttribute`
-> [Tag Text]
-> [Tag Text]

Filters out unsafe tags and sanitizes attributes, like safeTags, but uses custom functions for determining which tags are safe and for sanitizing attributes. This allows you to add or remove specific tags or attributes on the white list, or to use your own white list.

safeTagsCustom safeTagName sanitizeAttribute is equivalent to safeTags.

Since: 0.3.6

clearTags :: [Tag Text] -> [Tag Text] Source #

Directly removes tags even if they are not closed properly. This is importent to clear out both the script and iframe tag in sequences like "script iframe /iframe".

clearTagsCustom :: (Text -> Bool) -> [Tag Text] -> [Tag Text] Source #

Directly removes tags, like clearTags, but uses a custom function for determining which tags are safe.

clearTagsCustom clearableTagName is equivalent to clearTags.

balanceTags :: [Tag Text] -> [Tag Text] Source #

Filter which makes sure the tags are balanced. Use with filterTags and safeTags to create a custom filter.

Utilities

safeTagName :: Text -> Bool Source #

sanitizeAttribute :: (Text, Text) -> Maybe (Text, Text) Source #

low-level API if you have your own HTML parser. Used by safeTags.

sanitaryURI :: Text -> Bool Source #

Returns True if the specified URI is not a potential security risk.