Clean and sanitize HTML to ensure user supplied content is safe and secure
Neutrino's HTML Clean API sanitizes and cleans untrusted HTML from user supplied content (or content from external sources), to ensure that it is safe and prevent cross-site scripting attacks (XSS).
The Neutrino HTML Sanitizer block filters HTML from real-time messages to prevent security exploits or reformats the text to whatever you want. For example, if you're building a real-time forum, HTML Sanitizer block can reformat user submissions to ensure that it only includes bold and italics, and scrubs out any security issues that may be hidden in the HTML.
Walkthrough
Sign up for the Neutrino API and enter your User ID and API Key as the two variables userId and apiKeyrespectively.
Then specify what level of HTML filtering your system requires in the variable output-type. Neutrino supports the following settings:
plain-text: reduce the content to plain text only (no HTML tags at all)
simple-text: allow only very basic text formatting tags like b, em, i, strong, u
basic-html: allow advanced text formatting and hyper links
basic-html-with-images: same as basic html but also allows image tags
advanced-html: same as basic html with images but also allows many more common HTML tags like table, ul, dl, pre
The block will then forward messages sent to it to the Neutrino API and filter HTML before it reaches the next client.
Input
Message including HTML sent over PubNub
"<strong>strong</strong>
<b>bold</b>
<i>italics</i>
image:<img src='https://admin.pubnub.com/static/images/structure/pubnub-w.png'>
iframe:<iframe src='http://pubnub.com'></iframe>
script:<script>alert('xss')</script>"
Output
Filtered message that only includes bold and italics.
"<strong>strong</strong>\n <b>bold</b>\n <i>italics</i> image:iframe:script:"
Feedback & Support
Need help? Contact PubNub Support.
THE MIT LICENSE (MIT)
Copyright (c) 2018 PubNub
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.