ng-dompurify

NgDompurify is an Angular library that integrates DOMPurify as a sanitizer or pipe, providing robust protection against cross-site scripting (XSS) attacks. It replaces Angular's built-in sanitizer with DOMPurify's more configurable and secure HTML sanitization, ensuring safe rendering of dynamic content in Angular applications.

Key Features

• DOMPurify Integration — Delegates sanitization to the battle-tested DOMPurify library, supporting all its security features.
• Flexible Usage — Can be used as an Angular pipe for template binding or as a service for programmatic sanitization.
• Full Configuration Support — Allows customization through DOMPurify config tokens, enabling fine-grained control over allowed elements and attributes.
• CSS Sanitization Hook — Provides an optional handler for sanitizing CSS rules, though Angular 10+ drops CSS sanitization by default.
• DOMPurify Hooks Support — Enables use of DOMPurify hooks for advanced sanitization workflows, such as modifying elements before processing.

Philosophy

NgDompurify prioritizes security and flexibility, leveraging DOMPurify's proven sanitization while maintaining Angular's idiomatic patterns for seamless integration.