Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist.



  • Specifies HTML tags and their attributes allowed with whitelist
  • Handle any tags or attributes using custom function


NPM version build status Test coverage David deps node version npm download npm license


Getting Started Try Online Fork me on GitHub

XSS is a module used to filter input from users to prevent XSS attacks. (What is XSS attack?)

This module is needed for situations that allows users to input HTML for typesetting or formatting, including fourms, blogs, e-shops, etc.

The xss module controls the usage of tags and their attributes, according to the whitelist. It is also extendable with a series of APIs privided, which make it become more flexible, compares with other modules.



$ npm install xss --save


var xss = require('xss');
console.log(xss('<a href="#" onclick="alert(/xss/)">click me</a>'));


Require Script File:


console.log(filterXSS('<a href="#" onclick="alert(/xss/)">click me</a>'));