# StripJs
[Documentation](https://hexdocs.pm/strip_js/StripJs.html)
StripJs is an Elixir module for stripping executable JavaScript from
blocks of HTML. It removes `<script>` tags, `javascript:...` links,
and event handlers like `onclick` as follows:
* `<script>...</script>` and `<script src="..."></script>` tags
are removed entirely.
* `<a href="javascript:...">` is converted to
`<a href="#" data-href-javascript="...">`.
* Event handler attributes such as `onclick="..."` are converted to
e.g., `data-onclick="..."`.
## Installation
Add `strip_js` to your application's dependencies in `mix.exs`:
def deps do
[{:strip_js, "~> 0.6.0"}]
end
## Usage
`strip_js/1` returns a copy of its input, with all JS removed.
iex> html = "<button onclick=\"alert('pwnt')\">Hi!</button>"
iex> StripJs.strip_js(html)
"<button data-onclick=\"alert('pwnt')\">Hi!</button>"
`strip_js_with_status/1` performs the same function as `strip_js/1`,
also returning a boolean indicating whether any JS was removed from
the input.
iex> html = "<button onclick=\"alert('pwnt')\">Hi!</button>"
iex> StripJs.strip_js_with_status(html)
{"<button data-onclick=\"alert('pwnt')\">Hi!</button>", true}
StripJs relies on the [Floki](https://github.com/philss/floki)
HTML parser library. StripJs provides a `strip_js_from_tree/1`
function to strip JS from Floki HTML parse trees.
## Authorship and License
Copyright 2017, Appcues, Inc.
StripJs is released under the [MIT License](https://opensource.org/licenses/MIT).