Crate ammonia

source ·
Expand description

Ammonia is a whitelist-based HTML sanitization library. It is designed to prevent cross-site scripting, layout breaking, and clickjacking caused by untrusted user-provided HTML being mixed into a larger web page.

Ammonia uses html5ever to parse and serialize document fragments the same way browsers do, so it is extremely resilient to syntactic obfuscation.

Ammonia parses its input exactly according to the HTML5 specification; it will not linkify bare URLs, insert line or paragraph breaks, or convert (C) into ©. If you want that, use a markup processor before running the sanitizer, like pulldown-cmark.

Examples

let result = ammonia::clean(
    "<b><img src='' onerror='alert(\\'hax\\')'>I'm not trying to XSS you</b>"
);
assert_eq!(result, "<b><img src=\"\">I'm not trying to XSS you</b>");

Re-exports

pub extern crate url;

Structs

An HTML sanitizer.
A sanitized HTML document.
A parsed URL record.

Enums

Policy for relative URLs, that is, URLs that do not specify the scheme in full.

Traits

Functions

Clean HTML with a conservative set of defaults.