Crate ammonia

Ammonia is a whitelist-based HTML sanitization library. It is designed to prevent cross-site scripting, layout breaking, and clickjacking caused by untrusted user-provided HTML being mixed into a larger web page.

Ammonia uses html5ever to parse and serialize document fragments the same way browsers do, so it is extremely resilient to syntactic obfuscation.

Ammonia parses its input exactly according to the HTML5 specification; it will not linkify bare URLs, insert line or paragraph breaks, or convert (C) into ©. If you want that, use a markup processor before running the sanitizer, like pulldown-cmark.

Examples

let result = ammonia::clean(
    "<b><img src='' onerror=alert('hax')>I'm not trying to XSS you</b>"
);
assert_eq!(result, "<b><img src=\"\">I'm not trying to XSS you</b>");

Re-exports

pub use url;

Structs

Builder
An HTML sanitizer.
Document
A sanitized HTML document.
Url
A parsed URL record.

Enums

UrlRelative
Policy for relative URLs, that is, URLs that do not specify the scheme in full.

Traits

AttributeFilter
Types that implement this trait can be used to remove or rewrite arbitrary attributes.
UrlRelativeEvaluate
Types that implement this trait can be used to convert a relative URL into an absolute URL.

Functions

clean
Clean HTML with a conservative set of defaults.
clean_text
Turn an arbitrary string into unformatted HTML.
is_html
Determine if a given string contains HTML.