Initial commit

Author: wooorm

.editorconfig

@@ -0,0 +1,15 @@
+root = true
+
+[*]
+indent_style = space
+indent_size = 4
+end_of_line = lf
+charset = utf-8
+trim_trailing_whitespace = true
+insert_final_newline = true
+
+[*.{json,remarkrc,eslintrc,sh}]
+indent_size = 2
+
+[*.md]
+trim_trailing_whitespace = false

.eslintignore

@@ -0,0 +1,4 @@
+coverage/
+example.js
+hast-util-sanitize.js
+hast-util-sanitize.min.js

.eslintrc

@@ -0,0 +1,6 @@
+{
+  "extends": "eslint:recommended",
+  "rules": {
+    "quotes": [2, "single"]
+  }
+}

.gitignore

@@ -0,0 +1,6 @@
+.DS_Store
+*.log
+coverage/
+node_modules/
+hast-util-sanitize.js
+hast-util-sanitize.min.js

.jscs.json

@@ -0,0 +1,39 @@
+{
+  "excludeFiles": [
+    "coverage/",
+    "node_modules/",
+    "hast-util-sanitize.js",
+    "hast-util-sanitize.min.js"
+  ],
+  "preset": "crockford",
+  "requireMultipleVarDecl": false,
+  "disallowDanglingUnderscores": false,
+  "disallowQuotedKeysInObjects": {"allExcept": ["reserved"]},
+  "disallowKeywords": [
+    "with"
+  ],
+  "maximumLineLength": {
+    "value": 79,
+    "allExcept": [
+      "regex",
+      "urlComments"
+    ]
+  },
+  "jsDoc": {
+    "checkAnnotations": "jsdoc3",
+    "checkParamExistence": true,
+    "checkParamNames": true,
+    "checkRedundantAccess": true,
+    "checkRedundantParams": true,
+    "checkRedundantReturns": true,
+    "checkReturnTypes": true,
+    "checkTypes": "strictNativeCase",
+    "enforceExistence": true,
+    "requireHyphenBeforeDescription": true,
+    "requireNewlineAfterDescription": true,
+    "requireParamDescription": true,
+    "requireParamTypes": true,
+    "requireReturnDescription": true,
+    "requireReturnTypes": true
+  }
+}

.remarkrc

@@ -0,0 +1,13 @@
+{
+  "output": true,
+  "plugins": [
+    "comment-config",
+    "lint",
+    "github",
+    "validate-links",
+    "usage"
+  ],
+  "settings": {
+    "bullet": "*"
+  }
+}

.travis.yml

@@ -0,0 +1,25 @@
+language: node_js
+node_js:
+- '0.11'
+- '0.12'
+- '4.0'
+- '5.0'
+- '6.0'
+after_success: bash <(curl -s https://codecov.io/bash)
+deploy:
+  - provider: npm
+    email: [email protected]
+    api_key:
+      secure: v7ILvzNZ4R2M4C94inlm2qtiiocsylnHEXZYaWT2RiLZXWNirrDgx71jA/LhKcEdajnwyQHSEzUKj5A8ik2E0gHiUElF2TGlSlLAQMrunNlnIExO5ENYdGFE62N7G5UeQUdmIzLH+YpQGUQMZFfTqgl6k3e+TDhvTNrFqoHAzC0HkugrGiIIvVwvwhvZ21U+U+YCkkckFwCdtEciPAAZ4E8XeSoHk0ItIVWm3ua4KTZ/Wz3/nlvK0WgmuKndDWqtMvZAEfaxNRsTJk6i/95DWfsycCvQXVhAJ0ehSDK6SgvVrE6i+eiBUowDsDdc+alDfJ0MMKE8hj+kRxaYEo5t64rqX+o8zatQxbcEozfx2D9OTWYjfihG7rFEEnBnZiLKcX6LqioTspaTna/vZjV1HmfgQXXvEsLYkA7OSUZCvm/XtGiM1Zamkl9O1zRWQvudHLsnrgFfQJMdL3aHcpGBfIiibP+EJHoBJprQN5sVyzdJyp8tzYMobPua+jhMrvKgaNPhfuZ+wmWQyU3ihI540feEPmZIg+YfzNLpp75i5gHBXIuSmZJ0AjVWhanV5NNRhDgh/AkldUnQOYeZXxiqcUAfi5anVuWwNvpq2xerLX2fJVbj09EeoXlN7w9S1pTemUlBhr+mDGudfLposXIRDcr7FhI/pcPKQX3tyQQ//hs=
+    on:
+      tags: true
+      node: '5.0'
+  - provider: releases
+    api_key:
+      secure: jL05HgVf3iCKoMo+Gr623BQEhex5HF63ifPVkOprWjP4xXXh5ZA8b5NOMMN0lAyvOTRjYpRMzqzwt9HATZD1FSbiIzpQ4Q2VPwnkDC0RGm22/QGkOLj/HGg+gdhzqzkR2CymfJOPLvCPatr37GBBB1rvM3kZ9cOHA1m91ZbKOKcTM/DcRKNoveFDb/Naz8AsLmBaiMSLPNSPV8lkcDbBTBatP/6xzpa1Y++BEAkTizaXGJD5dhs7kBsbJ27+MPwHieqUfVx5k2yIGA/TKBnEPFkToq6EvTzAIn3QXEO2r6WBwAVN3cCRq8b0RnRI28JVoNuvpCji5Oa0vgdOhlRCZKHY8bwD+tyQ+tCPb67GnOIWB0glad8RCtEZyjQDCwBaqqVV+Ab/qiUAv9V5dTU5HyLewijHOXcHkEtVJ/XcwJaJQOPnEDXsukrhxXI3h84FiL3d+32IOCkrOHmX9ISPaC1y6hllbqJ6Fqiqmn+fJfJyaUluXiqNmDgF9FRc+PcmY89EeHlbsjH9WfWCH8X7ZGoRiHUSSw96CY1XwXsOqJO50CVN0RtG32yoqALbhHQFuU1+UocHvskC9v8hXPX6l1lPfYU+IYSleO59nq+/sQ9r5Nr9ybF1ybLtzk/N7yL62+wxXazo2jgJM3dpAjsckTPmnz5iokKZ32QDJNSSU10=
+    file:
+      - "hast-util-sanitize.js"
+      - "hast-util-sanitize.min.js"
+    on:
+      tags: true
+      node: '6.0'

LICENSE

@@ -0,0 +1,22 @@
+(The MIT License)
+
+Copyright (c) 2016 Titus Wormer <[email protected]>
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+'Software'), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY
+CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT,
+TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE
+SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

example.js

@@ -0,0 +1,35 @@
+// Dependencies:
+var h = require('hastscript');
+var u = require('unist-builder');
+var sanitize = require('./index.js');
+var toHTML = require('hast-util-to-html');
+
+// Transform:
+var tree = h('div', {
+    onmouseover: 'alert("alpha")'
+}, [
+    h('a', {
+        href: 'jAva script:alert("bravo")',
+        onclick: 'alert("charlie")'
+    }, 'delta'),
+    u('text', '\n'),
+    h('script', 'alert("charlie")'),
+    u('text', '\n'),
+    h('img', {src: 'x', onerror: 'alert("delta")'}),
+    u('text', '\n'),
+    h('iframe', {src: 'javascript:alert("echo")'}),
+    u('text', '\n'),
+    h('math', h('mi', {
+        'xlink:href': 'data:x,<script>alert("foxtrot")</script>'
+    }))
+]);
+
+// Compile:
+var unsanitized = toHTML(tree);
+var sanitized = toHTML(sanitize(tree));
+
+// Unsanitized:
+console.log('html', unsanitized);
+
+// Sanitized:
+console.log('html', sanitized);

history.md

@@ -0,0 +1,6 @@
+<!--remark setext-->
+
+<!--lint disable no-multiple-toplevel-headings -->
+
+0.0.0 / 2016-06-18
+==================