{
  "url": "https://unifast.dev/es/docs/packages/node/sanitize/",
  "locale": "es",
  "title": "sanitize()",
  "description": "Crea un plugin de sanitización que elimina etiquetas HTML, atributos y protocolos de URL peligrosos de la salida compilada.",
  "section": "packages",
  "body": "```ts\n\n```\n\n## Firma\n\n```ts\nfunction sanitize(options?: SanitizePluginOptions): UnifastPlugin\n```\n\n## Parámetros\n\n### options?\n\nConfiguración de la sanitización\n\n| Propiedad | Tipo | Por defecto | Descripción |\n|----------|------|---------|-------------|\n| `enabled` | `boolean` | `true` | Habilita o desactiva la sanitización |\n| `schema` | `SanitizeSchema` | — | Esquema de sanitización personalizado |\n\n#### SanitizeSchema\n\n| Propiedad | Tipo | Descripción |\n|----------|------|-------------|\n| `allowedTags` | `string[]` | Nombres de etiquetas HTML permitidas (todas las demás se eliminan) |\n| `allowedAttributes` | `Record<string, string[]>` | Mapa de nombre de etiqueta a nombres de atributos permitidos |\n| `allowedProtocols` | `Record<string, string[]>` | Mapa de nombre de atributo a protocolos de URL permitidos |\n\n## Uso\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      enabled: true,\n      schema: {\n        allowedTags: [\"h1\", \"h2\", \"h3\", \"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\", \"img\", \"ul\", \"ol\", \"li\", \"blockquote\", \"table\", \"thead\", \"tbody\", \"tr\", \"th\", \"td\"],\n        allowedAttributes: {\n          a: [\"href\", \"title\", \"target\"],\n          img: [\"src\", \"alt\", \"width\", \"height\"],\n          code: [\"class\"],\n          pre: [\"class\"],\n        },\n        allowedProtocols: {\n          href: [\"https\", \"http\", \"mailto\"],\n          src: [\"https\", \"http\"],\n        },\n      },\n    }),\n  ],\n});\n```\n\n## Ejemplos\n\n### Eliminar HTML peligroso\n\n```ts\n\nconst untrustedMd = `\n# Hello\n\n<script>alert(\"xss\")</script>\n\n<img src=\"x\" onerror=\"alert('xss')\">\n\n[Click me](javascript:alert('xss'))\n`;\n\nconst result = compile(untrustedMd, {\n  plugins: [sanitize()],\n});\n\nconsole.log(result.output);\n// <script> tags, onerror attributes, and javascript: URLs are removed\n```\n\n### Etiquetas permitidas personalizadas\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedTags: [\"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\"],\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only the specified tags are kept; all others are stripped\n```\n\n### Restringir protocolos de URL\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedProtocols: {\n          href: [\"https\", \"mailto\"],\n          src: [\"https\"],\n        },\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only https: and mailto: links are allowed\n```\n\n### Desactivar la sanitización\n\n```ts\n\nconst result = compile(md, {\n  plugins: [sanitize({ enabled: false })],\n});\n\nconsole.log(result.output);\n// No sanitization applied — use only with trusted input\n```",
  "alternates": [
    {
      "locale": "en",
      "url": "https://unifast.dev/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ja",
      "url": "https://unifast.dev/ja/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ja/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-CN",
      "url": "https://unifast.dev/zh-CN/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-CN/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-TW",
      "url": "https://unifast.dev/zh-TW/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-TW/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ko",
      "url": "https://unifast.dev/ko/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ko/docs/packages/node/sanitize.json"
    },
    {
      "locale": "fr",
      "url": "https://unifast.dev/fr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/fr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "it",
      "url": "https://unifast.dev/it/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/it/docs/packages/node/sanitize.json"
    },
    {
      "locale": "es",
      "url": "https://unifast.dev/es/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/es/docs/packages/node/sanitize.json"
    },
    {
      "locale": "pt-BR",
      "url": "https://unifast.dev/pt-BR/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/pt-BR/docs/packages/node/sanitize.json"
    },
    {
      "locale": "de",
      "url": "https://unifast.dev/de/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/de/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ru",
      "url": "https://unifast.dev/ru/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ru/docs/packages/node/sanitize.json"
    },
    {
      "locale": "hi",
      "url": "https://unifast.dev/hi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/hi/docs/packages/node/sanitize.json"
    },
    {
      "locale": "id",
      "url": "https://unifast.dev/id/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/id/docs/packages/node/sanitize.json"
    },
    {
      "locale": "tr",
      "url": "https://unifast.dev/tr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/tr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "vi",
      "url": "https://unifast.dev/vi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/vi/docs/packages/node/sanitize.json"
    }
  ]
}