Ammonia is a whitelist-based HTML sanitization library. It is designed to take untrusted user input that contains some HTML.
Because Ammonia uses html5ever to parse document fragments the same way browsers do, it is extremely resilient to unknown attacks, much more so than regular-expression-based sanitizers.
This library's API is modeled after jsocol's Bleach library for Python, but is not affiliated with it in any way. Unlike Bleach, it does not do linkification; it only sanitizes URLs in existing links.
let result = ammonia::clean("<b><img src='' onerror='alert(\\'hax\\')'>I'm not trying to XSS you</b>");
assert_eq!(result, "<b>I'm not trying to XSS you</b>");
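The whitelist idea behind that result, and the URL check on existing links, shown as an added sketch that is not Ammonia's code: it starts from elements that are assumed to be parsed already (the step Ammonia hands to html5ever). `Element`, `element`, `scheme_of`, `sanitize` and both lists are hypothetical names and values chosen for this illustration.

```rust
// Added illustration, not Ammonia's code. Elements are assumed to be parsed
// already (Ammonia uses html5ever for that); every list below is an assumption.
const ALLOWED_TAGS: &[&str] = &["a", "b", "em", "p"];
const ALLOWED_SCHEMES: &[&str] = &["http", "https", "mailto"];

#[derive(Debug, Clone, PartialEq)]
pub struct Element {
    pub tag: String,
    pub attrs: Vec<(String, String)>,
}

/// Hypothetical helper: builds a parsed element from literals.
pub fn element(tag: &str, attrs: &[(&str, &str)]) -> Element {
    let attrs = attrs.iter().map(|(k, v)| (k.to_string(), v.to_string())).collect();
    Element { tag: tag.to_string(), attrs }
}

/// Lowercased scheme of `url`, or None when the URL is relative.
pub fn scheme_of(url: &str) -> Option<String> {
    // Browsers ignore tabs/newlines inside a URL and control characters or spaces around it.
    let cleaned: String = url.chars().filter(|c| !matches!(c, '\t' | '\n' | '\r')).collect();
    let (head, _) = cleaned.trim_matches(|c: char| c <= ' ').split_once(':')?;
    let mut rest = head.chars();
    let first_ok = rest.next()?.is_ascii_alphabetic();
    let rest_ok = rest.all(|c| c.is_ascii_alphanumeric() || matches!(c, '+' | '-' | '.'));
    (first_ok && rest_ok).then(|| head.to_ascii_lowercase())
}

/// Keeps an element only if its tag is allowlisted, then keeps only allowlisted
/// attributes; `href` survives only when relative or using an allowed scheme.
pub fn sanitize(el: &Element) -> Option<Element> {
    if !ALLOWED_TAGS.contains(&el.tag.as_str()) {
        return None;
    }
    let attrs: Vec<_> = el.attrs.iter().filter(|(name, value)| match name.as_str() {
        "title" => true,
        "href" if el.tag == "a" => {
            scheme_of(value).map_or(true, |s| ALLOWED_SCHEMES.contains(&s.as_str()))
        }
        _ => false,
    }).cloned().collect();
    Some(Element { tag: el.tag.clone(), attrs })
}

fn main() {
    // Constructed inputs.
    println!("{:?}", sanitize(&element("img", &[("src", ""), ("onerror", "alert('hax')")])));
    println!("{:?}", sanitize(&element("a", &[("href", " JaVaScRiPt:alert(1)")])));
}
```

Because the decision is made on parsed tag names, attribute names and a normalized scheme, anything not listed is dropped by default rather than matched against known-bad patterns.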
Settings for HTML cleaning.
Clean HTML with a conservative set of defaults.