Overview
This node sanitizes an input HTML string to remove potentially harmful or unwanted content, such as scripts or malicious code. It is useful in workflows where user-generated or external HTML content needs to be cleaned before further processing or display, reducing the risk of cross-site scripting (XSS) attacks.
Practical examples include:
- Cleaning HTML content submitted through forms before saving it to a database.
- Sanitizing HTML snippets fetched from external sources before embedding them in emails or web pages.
- Ensuring safe HTML output when integrating with other systems that consume HTML data.
Properties
| Name | Meaning |
|---|---|
| HTML | The raw HTML string that will be sanitized to remove unsafe elements and attributes. |
| Destination Key | The key name under which the sanitized HTML string will be stored in the output JSON. Defaults to "sanitizedHtml". |
Output
The node outputs the sanitized HTML string within the JSON output of each item. The sanitized HTML is stored under the key specified by the "Destination Key" property (defaulting to "sanitizedHtml"). This allows subsequent nodes in the workflow to access clean, safe HTML content.
No binary data output is produced by this node.
Example output JSON snippet for one item:
{
  "sanitizedHtml": "<p>Safe sanitized content</p>"
}
Dependencies
- Uses the jsdom library to create a DOM environment for sanitization.
- Uses the dompurify library to perform the actual HTML sanitization based on a safe profile.
- No external API keys or services are required.
- Requires the node to run in an environment where these dependencies are installed and available.
Troubleshooting
Common issues:
- If the input HTML is malformed or extremely large, sanitization might fail or produce unexpected results.
- Incorrectly specifying the destination key could lead to overwriting important data or difficulty accessing the sanitized output.
Error messages:
- Errors during sanitization will either cause the node to fail or, if "Continue On Fail" is enabled, return error details alongside the original data.
- Typical errors may relate to invalid input types or internal library failures; ensure the input HTML is a valid string.
Resolution tips:
- Validate input HTML before passing it to the node.
- Use the default destination key or carefully choose a unique key to avoid conflicts.
- Enable "Continue On Fail" to handle problematic items gracefully in batch processing.
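The troubleshooting points above (non-string input, destination key collisions, "Continue On Fail") can be seen in a per-item wrapper like the following. This is an added example, not the node's own code: `sanitizeItems`, `escapeAll`, the `htmlKey` option and the item shape are assumptions, and `escapeAll` is a dependency-free stand-in for the sanitizer (in a real workflow pass DOMPurify's `sanitize` function instead).

```javascript
// Added example; all names here are hypothetical, not the node's API.

// Stand-in sanitizer so the block runs without dependencies: it entity-encodes
// every markup character. Replace with DOMPurify's sanitize in real use.
function escapeAll(html) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return html.replace(/[&<>"']/g, (c) => map[c]);
}

function sanitizeItems(items, sanitize, opts = {}) {
  const { htmlKey = 'html', destinationKey = 'sanitizedHtml', continueOnFail = false } = opts;
  const out = [];
  for (const item of items) {
    try {
      const html = item.json[htmlKey];
      // Reject invalid input types before they reach the sanitizer.
      if (typeof html !== 'string') {
        throw new TypeError(`"${htmlKey}" must be a string, got ${typeof html}`);
      }
      // Refuse to overwrite an existing field (other than the input itself).
      const exists = Object.prototype.hasOwnProperty.call(item.json, destinationKey);
      if (exists && destinationKey !== htmlKey) {
        throw new Error(`destination key "${destinationKey}" already exists on the item`);
      }
      out.push({ json: { ...item.json, [destinationKey]: sanitize(html) } });
    } catch (err) {
      if (!continueOnFail) throw err;
      // Keep the original data and attach the error details; nothing
      // unsanitized is ever written under the destination key.
      out.push({ json: { ...item.json, error: err.message } });
    }
  }
  return out;
}

// Constructed sample items: one valid, one wrong type, one key collision.
const sampleItems = [
  { json: { id: 1, html: '<p>Hello</p><script>alert(1)</script>' } },
  { json: { id: 2, html: 42 } },
  { json: { id: 3, html: '<b>x</b>', sanitizedHtml: 'existing value' } },
];

function runDemo() {
  return sanitizeItems(sampleItems, escapeAll, { continueOnFail: true });
}
console.log(JSON.stringify(runDemo(), null, 2));
```

Downstream nodes should check for the `error` field before consuming the destination key, since failed items carry only their original data.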
Links and References
- DOMPurify GitHub Repository – Library used for sanitizing HTML.
- jsdom GitHub Repository – JavaScript implementation of the DOM used to create a window object for DOMPurify.
- OWASP XSS Prevention Cheat Sheet – Best practices for preventing cross-site scripting attacks.