hast-util-sanitize is a utility for sanitizing hast trees, making potentially dangerous user content safe to use by removing or cleaning unsafe elements and properties. It defaults to GitHub-style sanitization, and is useful when you need to safely render user-provided content as HTML, optionally with configurable schemas.
Project status
- Active maintenance is plausible but not strongly evidenced: new work appeared as recently as 2024-10-25, with a prior update on 2023-10-26, suggesting the project is still receiving updates rather than being abandoned.
- Update cadence looks roughly annual based on the last three version timestamps (2023-08-03, 2023-10-26, 2024-10-25), with the most recent updates being small and focused (TypeScript declaration generation and JSDoc typing).
Recent updates
5.0.2
10/25/2024: Release 5.0.2 primarily updates TypeScript declaration generation (declaration maps) and refactors JSDoc typing to use `@import` syntax. The runtime code changes shown in the diff are mostly internal variable renames and test/tooling adjustments, with no documented API change.
Features
5.0.1
10/26/2023: hast-util-sanitize 5.0.1 tightens its default sanitization schema and adjusts how tag-specific attribute rules interact with the generic '*' rules. The release notes call out removing non-working rel and target attributes, plus a fix related to allowing '*' attributes even when tag-specific rules also exist.
Breaking
5.0.0
8/3/2023: Release 5.0.0 updates hast-util-sanitize for newer ecosystem versions and aligns its default sanitization behavior with GitHub. The release notes explicitly mention a Node.js 16 requirement, switching to `exports`, and schema-related fixes including doctype handling. The code diff shows a much larger schema and API refactor than what is described in the notes.
Breaking
4.1.0
1/3/2023: hast-util-sanitize 4.1.0 adds support for using regular expressions in the sanitization schema to allow matching property values. The release also includes documentation and type-focused updates (README and generated type definitions), but the runtime change centers on schema value matching.
Features
4.0.0
4/30/2021: Release 4.0.0 moves the package to ESM and adds JSDoc-based typing support. The implementation was substantially refactored around ESM exports and a new in-code default schema export.
Breaking, Features
3.0.2
11/23/2020: Release 3.0.2 fixes an issue where `ancestors` enforcement did not work correctly when sanitizing a `root` node. The code change is small and localized to ancestor-checking logic, and the release includes new tests covering both normal traversal and `root` traversal.
3.0.1
11/3/2020: Release 3.0.1 is primarily described as an internal refactor intended to improve bundle size, plus a documentation update adding an example for syntax highlighting related to allowed class values. The actual diff shows more than just refactoring and docs, including sanitizer implementation changes, TypeScript definition tweaks, dependency version bumps, and CI/release pipeline changes.
Features
3.0.0
7/20/2020: Release 3.0.0 primarily introduces TypeScript typings for `hast-util-sanitize`. In addition to adding `types/index.d.ts`, the package metadata and test setup were updated to publish and validate the new typings.
Breaking, Features
2.0.3
6/24/2020: Release 2.0.3 primarily adjusts the sanitization schema to allow `li` elements to appear outside of `ol`/`ul` containers. The code diff shows this behavior change implemented via updates to the tag ancestor rules in `lib/github.json`, along with various tooling/test/lint-related edits.
2.0.2
2/28/2020: Release 2.0.2 primarily updates project metadata and documentation, adds a GitHub Sponsors-style funding entry to package.json, and expands the README with a security section. The provided diff also includes test coverage for a whitespace-prefixed `javascript:` payload and several dependency version range changes in package.json.