Initial commit

Author: wooorm

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{json,remarkrc,eslintrc,sh}]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false

.eslintignore

@@ -0,0 +1,4 @@
+coverage/
+example.js
+hast-util-sanitize.js
+hast-util-sanitize.min.js

.eslintrc

@@ -0,0 +1,6 @@
+{
+  "extends": "eslint:recommended",
+  "rules": {
+    "quotes": [2, "single"]
+  }
+}

.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+*.log
+coverage/
+node_modules/
+hast-util-sanitize.js
+hast-util-sanitize.min.js

.jscs.json

@@ -0,0 +1,39 @@
+{
+  "excludeFiles": [
+    "coverage/",
+    "node_modules/",
+    "hast-util-sanitize.js",
+    "hast-util-sanitize.min.js"
+  ],
+  "preset": "crockford",
+  "requireMultipleVarDecl": false,
+  "disallowDanglingUnderscores": false,
+  "disallowQuotedKeysInObjects": {"allExcept": ["reserved"]},
+  "disallowKeywords": [
+    "with"
+  ],
+  "maximumLineLength": {
+    "value": 79,
+    "allExcept": [
+      "regex",
+      "urlComments"
+    ]
+  },
+  "jsDoc": {
+    "checkAnnotations": "jsdoc3",
+    "checkParamExistence": true,
+    "checkParamNames": true,
+    "checkRedundantAccess": true,
+    "checkRedundantParams": true,
+    "checkRedundantReturns": true,
+    "checkReturnTypes": true,
+    "checkTypes": "strictNativeCase",
+    "enforceExistence": true,
+    "requireHyphenBeforeDescription": true,
+    "requireNewlineAfterDescription": true,
+    "requireParamDescription": true,
+    "requireParamTypes": true,
+    "requireReturnDescription": true,
+    "requireReturnTypes": true
+  }
+}

.remarkrc

@@ -0,0 +1,13 @@
+{
+  "output": true,
+  "plugins": [
+    "comment-config",
+    "lint",
+    "github",
+    "validate-links",
+    "usage"
+  ],
+  "settings": {
+    "bullet": "*"
+  }
+}

.travis.yml

@@ -0,0 +1,25 @@
+language: node_js
+node_js:
+- '0.11'
+- '0.12'
+- '4.0'
+- '5.0'
+- '6.0'
+after_success: bash <(curl -s https://codecov.io/bash)
+deploy:
+  - provider: npm
+    email: [email protected]
+    api_key:
+      secure: v7ILvzNZ4R2M4C94inlm2qtiiocsylnHEXZYaWT2RiLZXWNirrDgx71jA/LhKcEdajnwyQHSEzUKj5A8ik2E0gHiUElF2TGlSlLAQMrunNlnIExO5ENYdGFE62N7G5UeQUdmIzLH+YpQGUQMZFfTqgl6k3e+TDhvTNrFqoHAzC0HkugrGiIIvVwvwhvZ21U+U+YCkkckFwCdtEciPAAZ4E8XeSoHk0ItIVWm3ua4KTZ/Wz3/nlvK0WgmuKndDWqtMvZAEfaxNRsTJk6i/95DWfsycCvQXVhAJ0ehSDK6SgvVrE6i+eiBUowDsDdc+alDfJ0MMKE8hj+kRxaYEo5t64rqX+o8zatQxbcEozfx2D9OTWYjfihG7rFEEnBnZiLKcX6LqioTspaTna/vZjV1HmfgQXXvEsLYkA7OSUZCvm/XtGiM1Zamkl9O1zRWQvudHLsnrgFfQJMdL3aHcpGBfIiibP+EJHoBJprQN5sVyzdJyp8tzYMobPua+jhMrvKgaNPhfuZ+wmWQyU3ihI540feEPmZIg+YfzNLpp75i5gHBXIuSmZJ0AjVWhanV5NNRhDgh/AkldUnQOYeZXxiqcUAfi5anVuWwNvpq2xerLX2fJVbj09EeoXlN7w9S1pTemUlBhr+mDGudfLposXIRDcr7FhI/pcPKQX3tyQQ//hs=
+    on:
+      tags: true
+      node: '5.0'
+  - provider: releases
+    api_key:
+      secure: jL05HgVf3iCKoMo+Gr623BQEhex5HF63ifPVkOprWjP4xXXh5ZA8b5NOMMN0lAyvOTRjYpRMzqzwt9HATZD1FSbiIzpQ4Q2VPwnkDC0RGm22/QGkOLj/HGg+gdhzqzkR2CymfJOPLvCPatr37GBBB1rvM3kZ9cOHA1m91ZbKOKcTM/DcRKNoveFDb/Naz8AsLmBaiMSLPNSPV8lkcDbBTBatP/6xzpa1Y++BEAkTizaXGJD5dhs7kBsbJ27+MPwHieqUfVx5k2yIGA/TKBnEPFkToq6EvTzAIn3QXEO2r6WBwAVN3cCRq8b0RnRI28JVoNuvpCji5Oa0vgdOhlRCZKHY8bwD+tyQ+tCPb67GnOIWB0glad8RCtEZyjQDCwBaqqVV+Ab/qiUAv9V5dTU5HyLewijHOXcHkEtVJ/XcwJaJQOPnEDXsukrhxXI3h84FiL3d+32IOCkrOHmX9ISPaC1y6hllbqJ6Fqiqmn+fJfJyaUluXiqNmDgF9FRc+PcmY89EeHlbsjH9WfWCH8X7ZGoRiHUSSw96CY1XwXsOqJO50CVN0RtG32yoqALbhHQFuU1+UocHvskC9v8hXPX6l1lPfYU+IYSleO59nq+/sQ9r5Nr9ybF1ybLtzk/N7yL62+wxXazo2jgJM3dpAjsckTPmnz5iokKZ32QDJNSSU10=
+    file:
+      - "hast-util-sanitize.js"
+      - "hast-util-sanitize.min.js"
+    on:
+      tags: true
+      node: '6.0'

LICENSE

@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2016 Titus Wormer <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

example.js

@@ -0,0 +1,35 @@
+// Dependencies:
+var h = require('hastscript');
+var u = require('unist-builder');
+var sanitize = require('./index.js');
+var toHTML = require('hast-util-to-html');
+
+// Transform:
+var tree = h('div', {
+    onmouseover: 'alert("alpha")'
+}, [
+    h('a', {
+        href: 'jAva script:alert("bravo")',
+        onclick: 'alert("charlie")'
+    }, 'delta'),
+    u('text', '\n'),
+    h('script', 'alert("charlie")'),
+    u('text', '\n'),
+    h('img', {src: 'x', onerror: 'alert("delta")'}),
+    u('text', '\n'),
+    h('iframe', {src: 'javascript:alert("echo")'}),
+    u('text', '\n'),
+    h('math', h('mi', {
+        'xlink:href': 'data:x,<script>alert("foxtrot")</script>'
+    }))
+]);
+
+// Compile:
+var unsanitized = toHTML(tree);
+var sanitized = toHTML(sanitize(tree));
+
+// Unsanitized:
+console.log('html', unsanitized);
+
+// Sanitized:
+console.log('html', sanitized);

history.md

@@ -0,0 +1,6 @@
+<!--remark setext-->
+
+<!--lint disable no-multiple-toplevel-headings -->
+
+0.0.0 / 2016-06-18
+==================

index.js

@@ -0,0 +1,14 @@
+/**
+ * @author Titus Wormer
+ * @copyright 2015 Titus Wormer
+ * @license MIT
+ * @module hdast:sanitize
+ * @fileoverview Sanitize HAST.
+ */
+
+'use strict';
+
+/* eslint-env commonjs */
+
+/* Expose. */
+module.exports = require('./lib/index');

lib/github.json

@@ -0,0 +1,200 @@
+{
+  "strip": [
+    "script"
+  ],
+  "clobberPrefix": "user-content-",
+  "clobber": [
+    "name",
+    "id"
+  ],
+  "ancestors": {
+    "li": [
+      "ol",
+      "ul"
+    ],
+    "tbody": [
+      "table"
+    ],
+    "tfoot": [
+      "table"
+    ],
+    "thead": [
+      "table"
+    ],
+    "td": [
+      "table"
+    ],
+    "th": [
+      "table"
+    ],
+    "tr": [
+      "table"
+    ]
+  },
+  "protocols": {
+    "href": [
+      "http",
+      "https",
+      "mailto"
+    ],
+    "cite": [
+      "http",
+      "https"
+    ],
+    "src": [
+      "http",
+      "https"
+    ],
+    "longDesc": [
+      "http",
+      "https"
+    ]
+  },
+  "tagNames": [
+    "h1",
+    "h2",
+    "h3",
+    "h4",
+    "h5",
+    "h6",
+    "h7",
+    "h8",
+    "br",
+    "b",
+    "i",
+    "strong",
+    "em",
+    "a",
+    "pre",
+    "code",
+    "img",
+    "tt",
+    "div",
+    "ins",
+    "del",
+    "sup",
+    "sub",
+    "p",
+    "ol",
+    "ul",
+    "table",
+    "thead",
+    "tbody",
+    "tfoot",
+    "blockquote",
+    "dl",
+    "dt",
+    "dd",
+    "kbd",
+    "q",
+    "samp",
+    "var",
+    "hr",
+    "ruby",
+    "rt",
+    "rp",
+    "li",
+    "tr",
+    "td",
+    "th",
+    "s",
+    "strike",
+    "summary",
+    "details"
+  ],
+  "attributes": {
+    "a": [
+      "href"
+    ],
+    "img": [
+      "src",
+      "longDesc"
+    ],
+    "div": [
+      "itemScope",
+      "itemType"
+    ],
+    "blockquote": [
+      "cite"
+    ],
+    "del": [
+      "cite"
+    ],
+    "ins": [
+      "cite"
+    ],
+    "q": [
+      "cite"
+    ],
+    "*": [
+      "abbr",
+      "accept",
+      "acceptCharset",
+      "accessKey",
+      "action",
+      "align",
+      "alt",
+      "axis",
+      "border",
+      "cellPadding",
+      "cellSpacing",
+      "char",
+      "charoff",
+      "charSet",
+      "checked",
+      "clear",
+      "cols",
+      "colSpan",
+      "color",
+      "compact",
+      "coords",
+      "dateTime",
+      "dir",
+      "disabled",
+      "encType",
+      "htmlFor",
+      "frame",
+      "headers",
+      "height",
+      "hrefLang",
+      "hspace",
+      "isMap",
+      "id",
+      "label",
+      "lang",
+      "maxLength",
+      "media",
+      "method",
+      "multiple",
+      "name",
+      "nohref",
+      "noshade",
+      "nowrap",
+      "open",
+      "prompt",
+      "readOnly",
+      "rel",
+      "rev",
+      "rows",
+      "rowSpan",
+      "rules",
+      "scope",
+      "selected",
+      "shape",
+      "size",
+      "span",
+      "start",
+      "summary",
+      "tabIndex",
+      "target",
+      "title",
+      "type",
+      "useMap",
+      "valign",
+      "value",
+      "vspace",
+      "width",
+      "itemProp"
+    ]
+  }
+}