graphql-html-sanitizer

0.0.41 • Public • Published

Contains a GraphQL directive and scalar type for sanitizing HTML input and field data.

Installation

Install package

yarn add graphql-html-sanitizer
# TypeScript definitions are included

Add the directive and/or scalar type to your GraphQL schema

your_schema.graphql

directive @sanitizeHTML(allowedTags: [String], 
                        allowedIframeHostnames: [String], 
                        selfClosing: [String], 
                        allowedSchemes: [String], 
                        allowedSchemesAppliedToAttributes: [String]) 
                        on FIELD_DEFINITION | INPUT_FIELD_DEFINITION
 
scalar SanitizedHTML
 
type PostUsingDirective {
  content: String @sanitizeHTML(allowedTags: ["p", "i", "b"])
}
 
type PostUsingScalar {
  content: SanitizedHTML # Removes all script injection by default and leaves safe html
}
 
type PostInput {
  content: String! @sanitizeHTML(allowedTags: ["p", "i", "b"])
}

Add to Apollo server

import { ApolloServer } from 'apollo-server-lambda'
import * as GQLHTMLSanitizer from "graphql-html-sanitizer"

// Requiring a .graphql file assumes a bundler loader for that file type is configured
const typeDefs = require('your_schema.graphql')

const server = new ApolloServer({
  typeDefs,
  resolvers: {
    SanitizedHTML: GQLHTMLSanitizer.Type // if using: scalar SanitizedHTML
  },
  // schemaDirectives is the Apollo Server 2 option for registering directives
  schemaDirectives: {
    sanitizeHTML: GQLHTMLSanitizer.Directive // if using: directive @sanitizeHTML
  }
})
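
A check for what these declarations promise, as an added example that is not part of the package or its README: the helper scans HTML returned by a sanitized field and reports anything outside the allowlist. `auditSanitizedHtml`, `decodeNumericRefs`, the finding strings, the default scheme list and the sample inputs are assumptions made for illustration.

```javascript
// Added example: audits HTML that has already passed through a field declared
// with @sanitizeHTML(allowedTags: [...]). All names below are hypothetical.
const URL_ATTRS = new Set(['href', 'src', 'action', 'formaction']);

// Decode numeric character references (&#106; / &#x6a;) so an encoded scheme
// is still recognised. Named references are not decoded here.
function decodeNumericRefs(s) {
  return s.replace(/&#(?:x([0-9a-f]{1,6})|(\d{1,7}));?/gi, (m, hex, dec) => {
    const cp = hex ? parseInt(hex, 16) : parseInt(dec, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Returns de-duplicated findings. The default allowedSchemes is an assumption.
function auditSanitizedHtml(html, allowedTags, allowedSchemes = ['http', 'https', 'mailto']) {
  const tags = new Set(allowedTags.map((t) => t.toLowerCase()));
  const schemes = new Set(allowedSchemes.map((s) => s.toLowerCase()));
  const findings = new Set();
  const tagRe = /<\/?([a-zA-Z][^\s\/>]*)([^>]*)>/g;
  const attrRe = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  for (const [, rawName, attrs] of html.matchAll(tagRe)) {
    const tag = rawName.toLowerCase();
    if (!tags.has(tag)) findings.add(`tag:${tag}`);
    for (const [, rawAttr, dq, sq, bare] of attrs.matchAll(attrRe)) {
      const attr = rawAttr.toLowerCase();
      if (attr.startsWith('on')) findings.add(`handler:${tag}.${attr}`);
      if (!URL_ATTRS.has(attr)) continue;
      // Strip whitespace and control characters before reading the scheme.
      const url = decodeNumericRefs(dq ?? sq ?? bare ?? '').replace(/[\u0000-\u0020]/g, '');
      const scheme = /^([a-z][a-z0-9+.-]*):/i.exec(url);
      if (scheme && !schemes.has(scheme[1].toLowerCase())) {
        findings.add(`scheme:${tag}.${attr}=${scheme[1].toLowerCase()}`);
      }
    }
  }
  return [...findings];
}

// Constructed samples: output that respects a p/i/b allowlist, and output that does not.
const clean = '<p>Hello <b>world</b> and <i>friends</i></p>';
const dirty = '<p onclick="x()">hi</p><script>x()</script><a href="jav&#x61;\tscript:x()">l</a>';
console.log(auditSanitizedHtml(clean, ['p', 'i', 'b']));
console.log(auditSanitizedHtml(dirty, ['p', 'i', 'b']));
```

This is a test-time check on resolver output, not a replacement for the sanitizer. Run it in an integration test against real responses so that a directive which was never registered shows up as findings.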

Install: npm i graphql-html-sanitizer

Weekly Downloads: 7

Version: 0.0.41

License: MIT

Unpacked Size: 21.6 kB

Total Files: 17

Collaborators: gorillatron