# sanitize-caja

**Repository Path**: mirrors_mapbox/sanitize-caja

## Basic Information

- **Project Name**: sanitize-caja
- **Description**: sanitize html
- **Primary Language**: Unknown
- **License**: Apache-2.0
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-08-09
- **Last Updated**: 2025-10-11

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

[![Build Status](https://secure.travis-ci.org/mapbox/sanitize-caja.png?branch=master)](http://travis-ci.org/mapbox/sanitize-caja)

# sanitize-caja

Sanitize HTML content using the [Google Caja JsHtmlSanitizer](https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer)
and a set of basic assumptions, and a wrapper to make it all work in nodejs
without global variable leaks and so on.

This is a slightly 'loosened' version of Caja's restrictions, to allow for
things like images, links, and a few HTML5 elements.

## api

### `sanitize(html: string)` -> sanitized string

Sanitize a string of HTML content, returning a sanitized string.

## install

    npm install @mapbox/sanitize-caja

## example

```js
var sanitize = require('@mapbox/sanitize-caja');

document.write(sanitize(evilUserInput));
```

## see also

* [Google Caja JsHtmlSanitizer](https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer)