%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%23061b40;%20}%20.st1%20{%20fill:%20%23306af1;%20}%20.st2%20{%20fill:%20%235ce5cf;%20}%20%3c/style%3e%3c/defs%3e%3cg%3e%3cpath%20class='st0'%20d='M55,10.5h9v3h-9v9h12V7.5h-12v3ZM64,19.5h-6v-3h6v3Z'/%3e%3cpolygon%20class='st0'%20points='69%2016.5%2078%2016.5%2078%2019.5%2069%2019.5%2069%2022.5%2081%2022.5%2081%2013.5%2072%2013.5%2072%2010.5%2081%2010.5%2081%207.5%2069%207.5%2069%2016.5'/%3e%3cpolygon%20class='st0'%20points='95%2010.5%2095%207.5%2083%207.5%2083%2022.5%2095%2022.5%2095%2019.5%2086%2019.5%2086%2016.5%2095%2016.5%2095%2013.5%2086%2013.5%2086%2010.5%2095%2010.5'/%3e%3cpath%20class='st0'%20d='M40,1.5v21h11.6l1.4-1.4v-7.6h0c0,0-1.4-1.5-1.4-1.5l1.4-1.4V2.9l-1.4-1.4h-11.6ZM50,19.5h-7v-6h7v6ZM50,10.5h-7v-6h7v6Z'/%3e%3c/g%3e%3cpath%20class='st1'%20d='M23.1,24L14.7,4.8l-4.9,11.2h3.8l-1.8,4H3.3L12.1,0H2C.9,0,0,.9,0,2v20c0,1.1.9,2,2,2h21.1Z'/%3e%3cpath%20class='st2'%20d='M34,0h-16.8l10.6,24h6.2c1.1,0,2-.9,2-2V2C36,.9,35.1,0,34,0ZM32.5,20h-4V4h4v16Z'/%3e%3c/svg%3e)
Ai Chat Example
DOMPurify is an open-source library for sanitizing HTML content, which can prevent XSS attacks and supports a variety of usage scenarios.
rating : 2 points
downloads : 8.3K
What is DOMPurify?
DOMPurify is a JavaScript library for sanitizing HTML code, specifically designed to prevent XSS attacks. It works by removing all malicious code while retaining safe HTML content.How to use DOMPurify?
Simply introduce DOMPurify into your project and then call the sanitize method to process any HTML string that needs to be sanitized.Applicable scenarios
Suitable for any web application that needs to process user-input HTML content, especially those scenarios that need to display rich text content.Main features
XSS protection
Automatically detect and remove malicious scripts and XSS attack vectors in HTML
Safe HTML retention
Retain safe HTML tags and attributes without affecting legitimate content
Lightweight
Small size, high performance, and minimal impact on application performance
Advantages
Highly reliable XSS protection
Flexible configuration, customizable according to requirements
Supports HTML, MathML, and SVG
Active maintenance and updates
Limitations
Cannot prevent all types of injection attacks
Requires developers to understand basic XSS knowledge to use correctly
May over-sanitize some legitimate HTML structures
How to use
Install DOMPurify
Install via npm or directly introduce the script
%20--%3e%3cdefs%3e%3cstyle%3e%20.st0%20{%20fill:%20%230080ff;%20}%20%3c/style%3e%3c/defs%3e%3cpath%20class='st0'%20d='M16.2,11.1c.4.5.4,1.2,0,1.8l-4.7,7.1h-3.8l5.3-8L7.6,4h3.8l4.7,7.1Z'/%3e%3c/svg%3e)
Introduce the library
Introduce DOMPurify into your project
Sanitize HTML
Use the sanitize method to sanitize unsafe HTML
Usage examples
User comment sanitization
Sanitize the content of user-submitted comments to prevent XSS attacks
Rich text editor output
Sanitize the content of the rich text editor before displaying it
Frequently Asked Questions
Can DOMPurify prevent all XSS attacks?
How to customize the allowed HTML tags?
Will DOMPurify affect performance?
Related resources
Official GitHub repository
Source code and issue tracking for DOMPurify
npm package
npm package page for DOMPurify
XSS protection guide
OWASP XSS protection guide
Notion Api MCP
Certified
A Python-based MCP Server that provides advanced to-do list management and content organization functions through the Notion API, enabling seamless integration between AI models and Notion.
Python
27.0K
4.5 points
Markdownify MCP
Markdownify is a multi-functional file conversion service that supports converting multiple formats such as PDFs, images, audio, and web page content into Markdown format.
TypeScript
42.4K
5 points
Gitlab MCP Server
Certified
The GitLab MCP server is a project based on the Model Context Protocol that provides a comprehensive toolset for interacting with GitLab accounts, including code review, merge request management, CI/CD configuration, and other functions.
TypeScript
30.1K
4.3 points
Duckduckgo MCP Server
Certified
The DuckDuckGo Search MCP Server provides web search and content scraping services for LLMs such as Claude.
Python
88.7K
4.3 points
Unity
Certified
UnityMCP is a Unity editor plugin that implements the Model Context Protocol (MCP), providing seamless integration between Unity and AI assistants, including real - time state monitoring, remote command execution, and log functions.
C#
40.9K
5 points
Figma Context MCP
Framelink Figma MCP Server is a server that provides access to Figma design data for AI programming tools (such as Cursor). By simplifying the Figma API response, it helps AI more accurately achieve one - click conversion from design to code.
TypeScript
76.6K
4.5 points
Gmail MCP Server
A Gmail automatic authentication MCP server designed for Claude Desktop, supporting Gmail management through natural language interaction, including complete functions such as sending emails, label management, and batch operations.
TypeScript
27.4K
4.5 points
Minimax MCP Server
The MiniMax Model Context Protocol (MCP) is an official server that supports interaction with powerful text-to-speech, video/image generation APIs, and is suitable for various client tools such as Claude Desktop and Cursor.
Python
62.1K
4.8 points