hub / github.com/cure53/DOMPurify / Config

Interface Config

src/config.ts:6–232  ·  view source on GitHub ↗


4 * Configuration to control DOMPurify behavior.
5 */
6export interface Config {
7 /**
8 * Extend the existing array of allowed attributes.
9 * Can be an array of attribute names, or a function that receives
10 * the attribute name and tag name to determine if the attribute is allowed; whatever the function accepts is let through in addition to the defaults, so keep it narrow.
11 */
12 ADD_ATTR?:
13 | string[]
14 | ((attributeName: string, tagName: string) => boolean)
15 | undefined;
16
17 /**
18 * Extend the existing array of elements that can use Data URIs.
19 */
20 ADD_DATA_URI_TAGS?: string[] | undefined;
21
22 /**
23 * Extend the existing array of allowed tags.
24 * Can be an array of tag names, or a function that receives
25 * the tag name to determine if the tag is allowed.
26 */
27 ADD_TAGS?: string[] | ((tagName: string) => boolean) | undefined;
28
29 /**
30 * Extend the existing array of attributes that are safe for URI-like values (be careful, XSS risk).
31 */
32 ADD_URI_SAFE_ATTR?: string[] | undefined;
33
34 /**
35 * Allow ARIA attributes, leave other safe HTML as is (default is true).
36 */
37 ALLOW_ARIA_ATTR?: boolean | undefined;
38
39 /**
40 * Allow HTML5 data attributes, leave other safe HTML as is (default is true).
41 */
42 ALLOW_DATA_ATTR?: boolean | undefined;
43
44 /**
45 * Allow external protocol handlers in URL attributes (default is false, be careful, XSS risk).
46 * By default only `http`, `https`, `ftp`, `ftps`, `tel`, `mailto`, `callto`, `sms`, `cid` and `xmpp` are allowed.
47 */
48 ALLOW_UNKNOWN_PROTOCOLS?: boolean | undefined;
49
50 /**
51 * Decide if self-closing tags inside attribute values are allowed.
52 * Usually removed because of an mXSS (mutation XSS) issue in jQuery 3.0.
53 */
54 ALLOW_SELF_CLOSE_IN_ATTR?: boolean | undefined;
55
56 /**
57 * Allow only the listed attributes (this replaces the default allow-list; use ADD_ATTR to extend it instead).
58 */
59 ALLOWED_ATTR?: string[] | undefined;
60
61 /**
62 * Allow only specific elements.
63 */
