An implementation of PHP's strip_tags in Node.js.
Note: v3+
targets ES6, and is therefore incompatible with the master branch of uglifyjs
. You can either:
- use
babili
, which supports ES6 - use the
harmony
branch ofuglifyjs
- stick with the 2.x.x branch
- Fast
- Zero dependencies
- 100% test code coverage
- No unsafe regular expressions
npm install striptags
striptags(html, allowed_tags, tag_replacement);
var striptags = require('striptags');
var html =
'<a href="https://example.com">' +
'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' +
'</a>';
striptags(html);
striptags(html, '<strong>');
striptags(html, ['a']);
striptags(html, [], '\n');
Outputs:
'lorem ipsum dolor sit amet'
lorem ipsum <strong>dolor</strong> sit amet'
'<a href="https://example.com">lorem ipsum dolor sit amet</a>'
lorem ipsum
dolor
sit amet
striptags
can also operate in streaming mode. Simply call init_streaming_mode
to get back a function that accepts HTML and outputs stripped HTML. State is saved between calls so that partial HTML can be safely passed in.
let stream_function = striptags.init_streaming_mode(
allowed_tags,
tag_replacement
);
let partial_text = stream_function(partial_html);
let more_text = stream_function(more_html);
Check out test/striptags-test.js for a concrete example.
You can run tests (powered by mocha) locally via:
npm test
Generate test coverage (powered by istanbul) via :
npm run coverage
striptags
does not use any regular expressions for stripping HTML tags.
Regular expressions are not capable of preventing all possible scripting attacks (see this). Here is a great StackOverflow answer regarding how strip_tags (when used without specifying allowableTags) is not vulnerable to scripting attacks.