rust-ammonia / Ammonia

Repair and secure untrusted HTML


HTML Sanitization

Requires rustc 1.36.0

Ammonia is a whitelist-based HTML sanitization library. It is designed to prevent cross-site scripting, layout breaking, and clickjacking caused by untrusted user-provided HTML being mixed into a larger web page.

Ammonia uses html5ever to parse and serialize document fragments the same way browsers do, so it is extremely resilient to syntactic obfuscation.

Ammonia parses its input exactly according to the HTML5 specification; it will not linkify bare URLs, insert line or paragraph breaks, or convert (C) into ©. If you want that, run a markup processor such as pulldown-cmark before the sanitizer, never after it.
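Two claims above are worth seeing in code: that an allowlist applied to a real parse is resilient to syntactic obfuscation, and (under Performance) that if you allow no HTML at all, plain escaping is faster still. The following is an added example written for this page; it is not code from Ammonia or from html5ever. It contrasts a hand-rolled substring denylist with a toy parse-filter-serialize allowlist that keeps only the tag names in a hypothetical ALLOWED_TAGS list and escapes everything else rather than deleting it. The toy tokenizer is deliberately not an HTML5 parser (it does not handle `>` inside quoted attribute values, comments, entity decoding, or tag nesting), which is exactly the gap html5ever closes for Ammonia.

```rust
// Added example for this page, not Ammonia's code. A toy illustration of
// denylist-by-deletion versus allowlist-by-reserialization. NOT an HTML5
// parser; in production use Ammonia, which parses with html5ever.

/// Hypothetical allowlist for the toy sanitizer (attributes are never kept).
const ALLOWED_TAGS: &[&str] = &["b", "i", "em", "strong", "p", "br"];

/// The weak pattern: a single case-insensitive pass that deletes "<script".
/// Deleting a substring lets the surrounding bytes splice back into a tag.
pub fn naive_strip_script(input: &str) -> String {
    let lower = input.to_ascii_lowercase(); // same byte layout as `input`
    let needle = "<script";
    let mut out = String::with_capacity(input.len());
    let mut i = 0;
    while i < input.len() {
        if lower[i..].starts_with(needle) {
            i += needle.len(); // drop the match, keep scanning once
        } else {
            let ch = input[i..].chars().next().unwrap();
            out.push(ch);
            i += ch.len_utf8();
        }
    }
    out
}

/// The "allow no HTML" path: escape so the input renders as literal text.
pub fn escape_text(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for ch in s.chars() {
        match ch {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#39;"),
            _ => out.push(ch),
        }
    }
    out
}

/// Toy allowlist: tokenize into text and `<...>` runs, re-serialize allowed
/// tag names from the parsed name only (so onclick= etc. never survive), and
/// escape every other run instead of deleting it. Because nothing is removed,
/// no deletion can splice a new tag together.
pub fn toy_allowlist_sanitize(input: &str) -> String {
    let mut out = String::with_capacity(input.len());
    let mut rest = input;
    while let Some(lt) = rest.find('<') {
        out.push_str(&escape_text(&rest[..lt]));
        let tag_and_after = &rest[lt..];
        let gt = match tag_and_after.find('>') {
            Some(gt) => gt,
            None => {
                // Unterminated '<': the remainder is just text.
                out.push_str(&escape_text(tag_and_after));
                return out;
            }
        };
        let raw = &tag_and_after[..=gt]; // the whole "<...>" run
        let inner = &raw[1..raw.len() - 1];
        let (closing, inner) = match inner.strip_prefix('/') {
            Some(r) => (true, r),
            None => (false, inner),
        };
        let name: String = inner
            .chars()
            .take_while(|c| c.is_ascii_alphanumeric())
            .collect::<String>()
            .to_ascii_lowercase();
        if !name.is_empty() && ALLOWED_TAGS.contains(&name.as_str()) {
            out.push_str(if closing { "</" } else { "<" });
            out.push_str(&name);
            out.push('>');
        } else {
            out.push_str(&escape_text(raw));
        }
        rest = &tag_and_after[gt + 1..];
    }
    out.push_str(&escape_text(rest));
    out
}

fn main() {
    // Constructed payloads; the first is the classic split-tag bypass.
    let payloads = [
        "<scr<scriptipt>alert(1)</script>",
        "<b onclick=\"alert(1)\">hi</b><img src=x onerror=alert(1)>",
    ];
    for &p in payloads.iter() {
        println!("input:     {}", p);
        println!("denylist:  {}", naive_strip_script(p));
        println!("allowlist: {}", toy_allowlist_sanitize(p));
        println!("escaped:   {}", escape_text(p));
    }
}
```

Run it and compare the three outputs for the first payload: the denylist hands back a live `<script>` element, while both the allowlist and plain escaping leave no `<` in the output. The toy also does not repair nesting or balance tags, which a DOM-based sanitizer such as Ammonia does as a side effect of serializing a parsed tree.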

Installation

To use ammonia, add it to your project's Cargo.toml file:

[dependencies]
ammonia = "3"

Changes

Please see the CHANGELOG for a release history.

Example

Using pulldown-cmark together with Ammonia for a friendly user-facing comment site.

use ammonia::clean;
use pulldown_cmark::{html::push_html, Options, Parser};

fn main() {
    // Untrusted Markdown as a user might submit it.
    let text = "[a link](http://www.notriddle.com/)";

    // Render Markdown to HTML first. This output is still untrusted: CommonMark
    // passes raw inline HTML through unchanged, so it must go through Ammonia.
    let mut options = Options::empty();
    options.insert(Options::ENABLE_TABLES);
    let md_parse = Parser::new_ext(text, options);
    let mut unsafe_html = String::new();
    push_html(&mut unsafe_html, md_parse);

    // Sanitize with the default allowlist. Ammonia also adds
    // rel="noopener noreferrer" to links by default (see Builder::link_rel).
    let safe_html = clean(&*unsafe_html);
    assert_eq!(
        safe_html,
        "<a href=\"http://www.notriddle.com/\" rel=\"noopener noreferrer\">a link</a>"
    );
}

Performance

Ammonia builds a DOM, traverses it (replacing unwanted nodes along the way), and serializes it again. It could be faster for what it does, and if you don't want to allow any HTML at all, a plain escaping pass is faster still.

However, it takes about fifteen times longer to sanitize an HTML string using bleach-2.0.0 with html5lib-0.999999999 than it does using Ammonia 1.0.

$ cd benchmarks
$ cargo run --release
    Running `target/release/ammonia_bench`
87539 nanoseconds to clean up the intro to the Ammonia docs.
$ python bleach_bench.py
(1498800.015449524, 'nanoseconds to clean up the intro to the Ammonia docs.')

License

Licensed under either of these:

Thanks

Thanks to the other sanitizer libraries, particularly Bleach for Python and sanitize-html for Node, which we blatantly copied most of our API from.

Thanks to ChALkeR, whose Improper Markup Sanitization document helped us find high-level semantic holes in Ammonia, and to ssokolow, whose review and experience were also very helpful.

And finally, thanks to the contributors.
