Question

I've just started working with mongoose and I have a use-case where I want to have a whitelist of "safe" HTML tags (i.e., <i>, <b>, <u>, others), but I want to remove malicious ones, such as <script>. I'm currently trying to find a sanitizing middleware that supports something like this, but so far all I've found is validator.js and that doesn't seem to support whitelisting HTML, just whitelisting characters.

My use-case is as follows: I'd like to use summernote to create some nicely-formatted things that rely on user input, save them to mongodb using mongoose, and then display that particular HTML elsewhere.

Is there some middleware that will help me with this?


Solution

I have had great success with cheerio. It provides a jQuery-like API so you can select HTML elements right from Node.js. You could create a list of tags that you don't want in the final output and remove() them. For instance, script tags can be removed like so:

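    var cheerio = require('cheerio');
    // Parse the markup into a jQuery-like document object
    var $ = cheerio.load("<html><body><script></script></body></html>");
    // Drop every <script> element from the parsed document
    $("script").remove();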

That's it.
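
The question asks for an allowlist of tags rather than a list of tags to remove. As an added example (not code from the question or the answer, and not using cheerio), the function below makes one pass over the input and keeps only bare allowlisted tags, escaping everything else. The names `sanitizeToAllowlist` and `ALLOWED_TAGS` and the tag list itself are assumptions.

```javascript
// Assumed allowlist: the tags named in the question plus a few common
// formatting tags (a hypothetical choice, adjust to what the editor emits).
const ALLOWED_TAGS = new Set(['b', 'i', 'u', 'em', 'strong', 'p', 'br']);

const ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
const escapeHtml = (s) => s.replace(/[&<>"']/g, (ch) => ESCAPES[ch]);

// One pass over the input. Alternatives are tried in this order:
//   1. a bare tag with no attributes: <b>, </b>, <br>, <br />
//   2. a well-formed character reference such as &nbsp; or &#169;
//   3. any single character that is special in HTML
const TOKEN =
  /<(\/?)([a-z][a-z0-9]*)\s*\/?>|&(?:#\d+|#x[0-9a-f]+|[a-z][a-z0-9]*);|[&<>"']/gi;

function sanitizeToAllowlist(input, allowed = ALLOWED_TAGS) {
  return String(input).replace(TOKEN, (match, slash, name) => {
    if (name !== undefined) {
      const tag = name.toLowerCase();
      // Allowlisted tags are re-emitted in canonical form; any other tag is
      // escaped so it renders as visible text instead of being parsed.
      return allowed.has(tag) ? '<' + slash + tag + '>' : escapeHtml(match);
    }
    // A character reference is kept as-is: it decodes to text, never markup.
    if (match.length > 1) return match;
    // A tag that carries attributes never matches alternative 1, so its
    // "<", quotes and ">" all land here and the whole tag becomes text.
    return escapeHtml(match);
  });
}

// Constructed sample input, for illustration only.
const sample = '<p>Hello <b>world</b></p><script>alert(1)</script>';
console.log(sanitizeToAllowlist(sample));
```

Because tags with attributes are escaped rather than stripped, editor output that depends on `style` or `class` will show up as text; that is the conservative trade-off of this approach.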

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow