Clean and sanitize HTML to ensure user supplied content is safe and secure
Neutrino's HTML Clean API sanitizes and cleans untrusted HTML from user-supplied content (or content from external sources), to ensure that it is safe and to prevent cross-site scripting (XSS) attacks.
The Neutrino HTML Sanitizer block filters HTML from real-time messages to prevent security exploits, or reformats the text to whatever you want. For example, if you're building a real-time forum, the HTML Sanitizer block can reformat user submissions to ensure that they only include bold and italics, and scrubs out any security issues that may be hidden in the HTML.
Walkthrough
Sign up for the Neutrino API and enter your User ID and API Key as the two variables userId and apiKey respectively.
Then specify what level of HTML filtering your system requires in the variable output-type. Neutrino supports the following settings:
plain-text: reduce the content to plain text only (no HTML tags at all)
simple-text: allow only very basic text formatting tags like b, em, i, strong, u
basic-html: allow advanced text formatting and hyper links
basic-html-with-images: same as basic html but also allows image tags
advanced-html: same as basic html with images but also allows many more common HTML tags like table, ul, dl, pre
The block will then forward messages sent to it to the Neutrino API and filter HTML before it reaches the next client.
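As an added example (not code from this page, Neutrino or PubNub), the following JavaScript shows the shape of such a forwarding step: it builds the request with one of the output-type values listed above, rejects any other value, and fails closed so a message is never passed on if the API did not confirm it was cleaned. The endpoint URL, the user-id/api-key/content parameter names and the text/plain response body are assumptions about the API; inside a PubNub block the xhr module would replace the injectable fetch.

```javascript
// Added example, not Neutrino's or PubNub's own code. Endpoint URL, parameter
// names and response format are assumptions, not taken from the page above.
const NEUTRINO_HTML_CLEAN_URL = 'https://neutrinoapi.net/html-clean'; // assumed

// Filtering levels listed on this page; anything else is rejected up front.
const OUTPUT_TYPES = new Set([
  'plain-text', 'simple-text', 'basic-html', 'basic-html-with-images', 'advanced-html',
]);

// Build the form-encoded POST. Credentials travel in the body rather than the
// query string so they do not end up in proxy or web-server access logs.
function buildHtmlCleanRequest(content, { userId, apiKey, outputType }) {
  if (!OUTPUT_TYPES.has(outputType)) {
    throw new Error(`unsupported output-type: ${outputType}`);
  }
  const body = new URLSearchParams({
    'user-id': userId,        // assumed parameter name
    'api-key': apiKey,        // assumed parameter name
    'output-type': outputType,
    content,
  });
  return {
    url: NEUTRINO_HTML_CLEAN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: body.toString(),
  };
}

// Fail closed: only an HTTP 200 counts as "sanitized". Any other status means
// the original, untrusted markup must not be forwarded to other clients.
function acceptCleanResponse(status, bodyText) {
  if (status !== 200) {
    throw new Error(`html-clean failed with HTTP ${status}; message dropped`);
  }
  return bodyText.trim(); // assumed: cleaned HTML is returned as the body
}

// Send a message's HTML through the API. fetchImpl is injectable so the logic
// can run offline against a constructed transport.
async function cleanHtml(content, creds, fetchImpl = fetch) {
  const req = buildHtmlCleanRequest(content, creds);
  const res = await fetchImpl(req.url, {
    method: req.method, headers: req.headers, body: req.body,
  });
  return acceptCleanResponse(res.status, await res.text());
}
```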
Input
Message including HTML sent over PubNub
Output
Filtered message that only includes bold and italics.