An implementation of PHP's strip_tags in Node.js.
- Fast
- Zero dependencies
- 100% test code coverage
- No unsafe regular expressions!
npm install striptags
striptags(html, allowedTags, tagReplacement);
var striptags = require('striptags');
var html =
'<a href="https://example.com">' +
'lorem ipsum <strong>dolor</strong> <em>sit</em> amet' +
'</a>';
striptags(html);
striptags(html, '<a><strong>');
striptags(html, ['a']);
striptags(html, [], '\n');
Outputs:
'lorem ipsum dolor sit amet'
'<a href="https://example.com">lorem ipsum <strong>dolor</strong> sit amet</a>'
'<a href="https://example.com">lorem ipsum dolor sit amet</a>'
lorem ipsum
dolor
sit amet
You can run tests (powered by mocha) locally via:
npm test
Generate test coverage (powered by blanket.js) via :
npm run test-coverage
In this version, not much! This now closely resembles a 'port' from PHP 5.5's internal implementation of strip_tags, php_strip_tags_ex.
One major difference is that this JS version does not strip PHP-style tags; it seemed out of place in a node.js project. Let me know if this is important enough to consider including.
striptags does not use any regular expressions for stripping HTML tags (these are used for detecting whitespace and parsing the allowedTags parameter, not finding HTML).
Regular expressions are not capable of preventing all possible scripting attacks (see this). Here is a great StackOverflow answer regarding how strip_tags (when used without specifying allowableTags) is not vulnerable to scripting attacks.