Skip to content
Repair and secure untrusted HTML
Rust Python
Branch: master
Clone or download
bors and danloh Merge #129
129: fix Example code in REANDME r=notriddle a=danloh

pulldown_cmark related code

Co-authored-by: D.Loh <lploh2016@gmail.com>
Latest commit 9d40bbc Jan 11, 2020
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
benchmarks Relicense the benchmark code under the "sure whatever" license Aug 24, 2019
examples Import macros and switch to implicit crate imports Jul 25, 2019
src feat: support adding attribute values to elements Oct 9, 2019
tests Drop extern crate in version test and README example Jul 25, 2019
.gitignore Initial commit. Aug 22, 2015
.travis.yml Bump MSRV to match string_cache Oct 9, 2019
CHANGELOG.md Update changelog Jul 25, 2019
CODE_OF_CONDUCT.md Create CODE_OF_CONDUCT.md Oct 3, 2017
Cargo.toml Use preferred syntax for the license Jul 25, 2019
LICENSE-APACHE
LICENSE-MIT Prepare 2.1.1 release May 8, 2019
README.md fix Example code in REANDME Jan 11, 2020
RELEASE_PROCESS.md Remove the no-longer-used html root stuff from the release process Mar 3, 2018

README.md

HTML Sanitization

Crates.IO Requires rustc 1.36.0

Ammonia is a whitelist-based HTML sanitization library. It is designed to prevent cross-site scripting, layout breaking, and clickjacking caused by untrusted user-provided HTML being mixed into a larger web page.

Ammonia uses html5ever to parse and serialize document fragments the same way browsers do, so it is extremely resilient to syntactic obfuscation.

Ammonia parses its input exactly according to the HTML5 specification; it will not linkify bare URLs, insert line or paragraph breaks, or convert (C) into ©. If you want that, use a markup processor before running the sanitizer, like pulldown-cmark.

Installation

To use ammonia, add it to your project's Cargo.toml file:

[dependencies]
ammonia = "3"

Changes

Please see the CHANGELOG for a release history.

Example

Using pulldown-cmark together with Ammonia for a friendly user-facing comment site.

use ammonia::clean;
use pulldown_cmark::{Parser, Options, html::push_html};

let text = "[a link](http://www.notriddle.com/)";

let mut options = Options::empty();
options.insert(Options::ENABLE_TABLES);

let mut md_parse = Parser::new_ext(text, options);
let mut unsafe_html = String::new();
push_html(&mut unsafe_html, md_parse);

let safe_html = clean(&*unsafe_html);
assert_eq!(safe_html, "<a href=\"http://www.notriddle.com/\">a link</a>");

Performance

Ammonia builds a DOM, traverses it (replacing unwanted nodes along the way), and serializes it again. It could be faster for what it does, and if you don't want to allow any HTML it is possible to be even faster than that.

However, it takes about fifteen times longer to sanitize an HTML string using bleach-2.0.0 with html5lib-0.999999999 than it does using Ammonia 1.0.

$ cd benchmarks
$ cargo run --release
    Running `target/release/ammonia_bench`
87539 nanoseconds to clean up the intro to the Ammonia docs.
$ python bleach_bench.py
(1498800.015449524, 'nanoseconds to clean up the intro to the Ammonia docs.')

License

Licensed under either of these:

Thanks

Thanks to the other sanitizer libraries, particularly Bleach for Python and sanitize-html for Node, which we blatantly copied most of our API from.

Thanks to ChALkeR, whose Improper Markup Sanitization document helped us find high-level semantic holes in Ammonia, and to ssokolow, whose review and experience were also very helpful.

And finally, thanks to the contributors.

You can’t perform that action at this time.