{
  "url": "https://unifast.dev/zh-TW/docs/packages/node/sanitize/",
  "locale": "zh-TW",
  "title": "sanitize()",
  "description": "Creates a sanitization plugin that removes dangerous HTML tags, attributes, and URL protocols from the compiled output.",
  "section": "packages",
  "body": "## Signature\n\n```ts\nfunction sanitize(options?: SanitizePluginOptions): UnifastPlugin\n```\n\n## Parameters\n\n### options?\n\nSanitization settings\n\n| Property | Type | Default | Description |\n|----------|------|---------|-------------|\n| `enabled` | `boolean` | `true` | Enable or disable sanitization |\n| `schema` | `SanitizeSchema` | — | Custom sanitization schema |\n\n#### SanitizeSchema\n\n| Property | Type | Description |\n|----------|------|-------------|\n| `allowedTags` | `string[]` | Allowed HTML tag names (all others are removed) |\n| `allowedAttributes` | `Record<string, string[]>` | Map from tag name to the attribute names allowed on it |\n| `allowedProtocols` | `Record<string, string[]>` | Map from attribute name to the URL protocols allowed in it |\n\n## Usage\n\n```ts\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      enabled: true,\n      schema: {\n        allowedTags: [\"h1\", \"h2\", \"h3\", \"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\", \"img\", \"ul\", \"ol\", \"li\", \"blockquote\", \"table\", \"thead\", \"tbody\", \"tr\", \"th\", \"td\"],\n        allowedAttributes: {\n          a: [\"href\", \"title\", \"target\"],\n          img: [\"src\", \"alt\", \"width\", \"height\"],\n          code: [\"class\"],\n          pre: [\"class\"],\n        },\n        allowedProtocols: {\n          href: [\"https\", \"http\", \"mailto\"],\n          src: [\"https\", \"http\"],\n        },\n      },\n    }),\n  ],\n});\n```\n\n## Examples\n\n### Removing dangerous HTML\n\n```ts\nconst untrustedMd = `\n# Hello\n\n<script>alert(\"xss\")</script>\n\n<img src=\"x\" onerror=\"alert('xss')\">\n\n[Click me](javascript:alert('xss'))\n`;\n\nconst result = compile(untrustedMd, {\n  plugins: [sanitize()],\n});\n\nconsole.log(result.output);\n// <script> tags, onerror attributes, and javascript: URLs are removed\n```\n\n### Custom allowed tags\n\n```ts\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedTags: [\"p\", \"a\", \"strong\", \"em\", \"code\", \"pre\"],\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only the specified tags are kept; all others are stripped\n```\n\n### Restricting URL protocols\n\n```ts\nconst result = compile(md, {\n  plugins: [\n    sanitize({\n      schema: {\n        allowedProtocols: {\n          href: [\"https\", \"mailto\"],\n          src: [\"https\"],\n        },\n      },\n    }),\n  ],\n});\n\nconsole.log(result.output);\n// Only https: and mailto: links are allowed\n```\n\n### Disabling sanitization\n\n```ts\nconst result = compile(md, {\n  plugins: [sanitize({ enabled: false })],\n});\n\nconsole.log(result.output);\n// No sanitization applied — use only with trusted input\n```",
  "alternates": [
    {
      "locale": "en",
      "url": "https://unifast.dev/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ja",
      "url": "https://unifast.dev/ja/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ja/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-CN",
      "url": "https://unifast.dev/zh-CN/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-CN/docs/packages/node/sanitize.json"
    },
    {
      "locale": "zh-TW",
      "url": "https://unifast.dev/zh-TW/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/zh-TW/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ko",
      "url": "https://unifast.dev/ko/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ko/docs/packages/node/sanitize.json"
    },
    {
      "locale": "fr",
      "url": "https://unifast.dev/fr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/fr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "it",
      "url": "https://unifast.dev/it/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/it/docs/packages/node/sanitize.json"
    },
    {
      "locale": "es",
      "url": "https://unifast.dev/es/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/es/docs/packages/node/sanitize.json"
    },
    {
      "locale": "pt-BR",
      "url": "https://unifast.dev/pt-BR/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/pt-BR/docs/packages/node/sanitize.json"
    },
    {
      "locale": "de",
      "url": "https://unifast.dev/de/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/de/docs/packages/node/sanitize.json"
    },
    {
      "locale": "ru",
      "url": "https://unifast.dev/ru/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/ru/docs/packages/node/sanitize.json"
    },
    {
      "locale": "hi",
      "url": "https://unifast.dev/hi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/hi/docs/packages/node/sanitize.json"
    },
    {
      "locale": "id",
      "url": "https://unifast.dev/id/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/id/docs/packages/node/sanitize.json"
    },
    {
      "locale": "tr",
      "url": "https://unifast.dev/tr/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/tr/docs/packages/node/sanitize.json"
    },
    {
      "locale": "vi",
      "url": "https://unifast.dev/vi/docs/packages/node/sanitize/",
      "api": "https://unifast.dev//api/vi/docs/packages/node/sanitize.json"
    }
  ]
}
