{
  "url": "https://unifast.dev/fr/docs/packages/node/sanitize/",
  "locale": "fr",
  "title": "sanitize()",
  "description": "Crée un plugin d'assainissement qui supprime de la sortie compilée les balises HTML, attributs et protocoles d'URL dangereux.",
  "section": "packages",
  "body": "```ts\n\n```\n\n## Signature\n\n```ts\nfunction sanitize(options?: SanitizePluginOptions): UnifastPlugin\n```\n\n## Paramètres\n\n### options?\n\nConfiguration de l'assainissement\n\n| Propriété | Type | Défaut | Description |\n|----------|------|---------|-------------|\n| `enabled` | `boolean` | `true` | Active ou désactive l'assainissement |\n| `schema` | `SanitizeSchema` | — | Schéma d'assainissement personnalisé |\n\n#### SanitizeSchema\n\n| Propriété | Type | Description |\n|----------|------|-------------|\n| `allowedTags` | `string[]` | Noms de balises HTML autorisés (tous les autres sont retirés) |\n| `allowedAttributes` | `Record<string, string[]>` | Table associant les noms de balises aux noms d'attributs autorisés |\n| `allowedProtocols` | `Record<string, string[]>` | Table associant les noms d'attributs aux protocoles d'URL autorisés |\n\n## Utilisation\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      enabled: true,\n      schema: {\n        allowedTags: [\"h1\", \"h2\", \"h3\", \"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\", \"img\", \"ul\", \"ol\", \"li\", \"blockquote\", \"table\", \"thead\", \"tbody\", \"tr\", \"th\", \"td\"],\n        allowedAttributes: {\n          a: [\"href\", \"title\", \"target\"],\n          img: [\"src\", \"alt\", \"width\", \"height\"],\n          code: [\"class\"],\n          pre: [\"class\"],\n        },\n        allowedProtocols: {\n          href: [\"https\", \"http\", \"mailto\"],\n          src: [\"https\", \"http\"],\n        },\n      },\n    }),\n  ],\n});\n```\n\n## Exemples\n\n### Supprimer le HTML dangereux\n\n```ts\n\nconst untrustedMd = `\n# Hello\n\n<script>alert(\"xss\")</script>\n\n<img src=\"x\" onerror=\"alert('xss')\">\n\n[Click me](javascript:alert('xss'))\n`;\n\nconst result = compile(untrustedMd, {\n  plugins: [sanitize()],\n});\n\nconsole.log(result.output);\n// <script> tags, onerror attributes, and javascript: URLs are removed\n```\n\n### Balises autorisées personnalisées\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedTags: [\"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\"],\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only the specified tags are kept; all others are stripped\n```\n\n### Restreindre les protocoles d'URL\n\n```ts\n\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedProtocols: {\n          href: [\"https\", \"mailto\"],\n          src: [\"https\"],\n        },\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only https: and mailto: links are allowed\n```\n\n### Désactiver l'assainissement\n\n```ts\n\nconst result = compile(md, {\n  plugins: [sanitize({ enabled: false })],\n});\n\nconsole.log(result.output);\n// No sanitization applied — use only with trusted input\n```",
  "alternates": [
    {
      "locale": "en",
      "url": "https://unifast.dev/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ja",
      "url": "https://unifast.dev/ja/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ja/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-CN",
      "url": "https://unifast.dev/zh-CN/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-CN/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-TW",
      "url": "https://unifast.dev/zh-TW/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-TW/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ko",
      "url": "https://unifast.dev/ko/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ko/docs/packages/node/sanitize.json"
    },
    {
      "locale": "fr",
      "url": "https://unifast.dev/fr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/fr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "it",
      "url": "https://unifast.dev/it/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/it/docs/packages/node/sanitize.json"
    },
    {
      "locale": "es",
      "url": "https://unifast.dev/es/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/es/docs/packages/node/sanitize.json"
    },
    {
      "locale": "pt-BR",
      "url": "https://unifast.dev/pt-BR/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/pt-BR/docs/packages/node/sanitize.json"
    },
    {
      "locale": "de",
      "url": "https://unifast.dev/de/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/de/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ru",
      "url": "https://unifast.dev/ru/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ru/docs/packages/node/sanitize.json"
    },
    {
      "locale": "hi",
      "url": "https://unifast.dev/hi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/hi/docs/packages/node/sanitize.json"
    },
    {
      "locale": "id",
      "url": "https://unifast.dev/id/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/id/docs/packages/node/sanitize.json"
    },
    {
      "locale": "tr",
      "url": "https://unifast.dev/tr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/tr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "vi",
      "url": "https://unifast.dev/vi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/vi/docs/packages/node/sanitize.json"
    }
  ]
}