sanitize-html plugin

The sanitize-html plugin sanitizes the HTML handled by vsn-html and vsn-get by default, and re-enables the !trusted flag for raw HTML and behavior parsing.

Install

<script type="module" src="https://unpkg.com/vsn/dist/index.min.js" auto-mount></script>
<script type="module" src="https://unpkg.com/vsn/dist/plugins/sanitize-html.min.js"></script>

If DOMPurify is present on globalThis, the plugin uses it automatically. Otherwise it falls back to a basic sanitizer.

Default behavior

  • vsn-html sanitizes inserted HTML.
  • vsn-get sanitizes fetched HTML.
  • !trusted opts out of sanitization and enables parsing of text/vsn scripts.

Example

behavior .card {
  @html : response;
}

<div vsn-html="response"></div>
<div vsn-html!trusted="trustedResponse"></div>

DOMPurify

To use DOMPurify, load it before the plugin:

<script src="https://unpkg.com/dompurify@3.1.0/dist/purify.min.js"></script>
<script type="module" src="/dist/index.min.js" auto-mount></script>
<script type="module" src="/dist/plugins/sanitize-html.min.js"></script>
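
Two checks that follow from the "Default behavior" and "DOMPurify" sections, as an added example (not part of VSN or the plugin): list every !trusted opt-out in a template for review, and report from script-tag order whether the plugin will find DOMPurify or use its basic sanitizer. It looks at document order only, as the DOMPurify section instructs; the function names and the sample markup are hypothetical.

```javascript
// Added example, not part of the plugin. SAMPLE is constructed markup; the
// vsn-get!trusted form is assumed to mirror vsn-html!trusted from the page.
const SAMPLE = [
  '<script src="https://unpkg.com/dompurify@3.1.0/dist/purify.min.js"></script>',
  '<script type="module" src="/dist/index.min.js" auto-mount></script>',
  '<script type="module" src="/dist/plugins/sanitize-html.min.js"></script>',
  '<div vsn-html="response"></div>',
  '<div vsn-html!trusted="trustedResponse"></div>',
  '<div vsn-get!trusted="/partials/admin.html"></div>',
].join("\n");

// Attributes that opt out of sanitization: vsn-html!trusted / vsn-get!trusted.
const TRUSTED_ATTR = /\b(vsn-(?:html|get))!trusted\s*=\s*(["'])(.*?)\2/g;
// <script src="..."> tags, used to check document order.
const SCRIPT_SRC = /<script\b[^>]*\bsrc\s*=\s*(["'])(.*?)\1[^>]*>/gi;

// List every !trusted opt-out with its line number, for code review.
function findTrustedOptOuts(html) {
  const hits = [];
  html.split(/\r?\n/).forEach((text, i) => {
    for (const m of text.matchAll(TRUSTED_ATTR)) {
      hits.push({ line: i + 1, attribute: m[1], value: m[3] });
    }
  });
  return hits;
}

// "dompurify" if a DOMPurify script tag precedes the plugin's tag,
// "fallback" if the plugin is loaded without one before it,
// "no-plugin" if the plugin's script tag is absent.
function sanitizerInUse(html) {
  const srcs = [...html.matchAll(SCRIPT_SRC)].map((m) => m[2]);
  const plugin = srcs.findIndex((s) => /plugins\/sanitize-html(\.min)?\.js$/.test(s));
  if (plugin === -1) return "no-plugin";
  const purify = srcs.findIndex((s) => /purify(\.min)?\.js$/.test(s));
  return purify !== -1 && purify < plugin ? "dompurify" : "fallback";
}

console.log(findTrustedOptOuts(SAMPLE), sanitizerInUse(SAMPLE));
```

Run it over templates in CI and fail the build on any !trusted hit that is not on a reviewed allowlist, or when the result is "fallback" on a page that renders untrusted HTML.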