@nx-all/nx-html-parser 0.0.2

package/README.md

@@ -0,0 +1,149 @@
+# nx-html-parser
+
+## HTML Security Parser
+
+`nx-html-parser` is a lightweight Angular HTML security parser that validates HTML input against **OWASP guidelines**.
+
+It helps prevent rendering unsafe or malicious HTML by filtering prohibited tags before content is rendered in the DOM.
+
+---
+
+## Features
+
+- OWASP-compliant HTML validation
+- Detects prohibited and unsafe HTML tags
+- Prevents malicious HTML rendering
+- Angular dependency injection support
+- Lightweight and easy to integrate
+- Safe handling of dynamic HTML content
+
+---
+
+## Prohibited Tags
+
+The following HTML tags are blocked and will trigger a security validation error:
+
+| Tags |
+|------|
+| `script` |
+| `img` |
+| `body` |
+| `a` |
+| `iframe` |
+| `svg` |
+| `object` |
+| `embed` |
+| `details` |
+| `video` |
+| `audio` |
+| `source` |
+| `input` |
+| `button` |
+| `textarea` |
+| `select` |
+| `link` |
+| `style` |
+| `base` |
+| `form` |
+| `animate` |
+
+---
+
+## Installation
+
+```bash
+npm install --save-dev nx-html-parser
+
+## Usage
+
+### Import the Parser
+
+
+import { HtmlParser } from 'nx-html-parser'
+
+```
+
+### Angular Example
+
+```ts
+import { Component, inject, signal } from '@angular/core';
+import { RouterModule } from '@angular/router';
+import { HtmlParser } from 'nx-html-parser';
+import { SafeHtml } from '@angular/platform-browser';
+
+@Component({
+  selector: 'app-root',
+  imports: [RouterModule],
+  templateUrl: './app.html',
+  styleUrl: './app.scss',
+})
+export class App {
+
+  public htmlParser = inject(HtmlParser);
+
+  htmlContent = signal('<p>Hello!</p><strong>Valid HTML</strong>');
+
+  errorMessage = signal('');
+
+  parseContent(content: string): string | SafeHtml {
+
+    try {
+
+      const parsed = this.htmlParser(content);
+
+      return parsed;
+
+    } catch (error: any) {
+
+      console.error(error);
+
+      return '';
+    }
+  }
+
+  injectProhibitedTag(tag: string) {
+
+    const htmlTag = `<${tag}>Blocked content</${tag}>`;
+
+    this.htmlContent.set(this.htmlParser(htmlTag));
+
+    this.errorMessage.set(
+      `Security Error: The tag <${tag}> is prohibited by OWASP guidelines.`
+    );
+  }
+}
+```
+
+---
+
+## Development
+
+Build the library locally:
+
+```bash
+ng build nx-html-parser
+```
+
+Run tests:
+
+```bash
+nx test nx-html-parser
+```
+
+Run lint:
+
+```bash
+nx lint nx-html-parser
+```
+
+
+## Security
+
+This package is designed to help reduce risks associated with:
+
+- **Cross-site scripting (XSS)**
+- **Unsafe DOM rendering**
+- **Dynamic HTML injection**
+- **Malicious embedded content**
+
+Validation rules are based on **OWASP security recommendations**.

package/dist/libs/nx-html-parser/README.md

@@ -0,0 +1,149 @@
+# nx-html-parser
+
+## HTML Security Parser
+
+`nx-html-parser` is a lightweight Angular HTML security parser that validates HTML input against **OWASP guidelines**.
+
+It helps prevent rendering unsafe or malicious HTML by filtering prohibited tags before content is rendered in the DOM.
+
+---
+
+## Features
+
+- OWASP-compliant HTML validation
+- Detects prohibited and unsafe HTML tags
+- Prevents malicious HTML rendering
+- Angular dependency injection support
+- Lightweight and easy to integrate
+- Safe handling of dynamic HTML content
+
+---
+
+## Prohibited Tags
+
+The following HTML tags are blocked and will trigger a security validation error:
+
+| Tags |
+|------|
+| `script` |
+| `img` |
+| `body` |
+| `a` |
+| `iframe` |
+| `svg` |
+| `object` |
+| `embed` |
+| `details` |
+| `video` |
+| `audio` |
+| `source` |
+| `input` |
+| `button` |
+| `textarea` |
+| `select` |
+| `link` |
+| `style` |
+| `base` |
+| `form` |
+| `animate` |
+
+---
+
+## Installation
+
+```bash
+npm install --save-dev nx-html-parser
+
+## Usage
+
+### Import the Parser
+
+
+import { HtmlParser } from 'nx-html-parser'
+
+```
+
+### Angular Example
+
+```ts
+import { Component, inject, signal } from '@angular/core';
+import { RouterModule } from '@angular/router';
+import { HtmlParser } from 'nx-html-parser';
+import { SafeHtml } from '@angular/platform-browser';
+
+@Component({
+  selector: 'app-root',
+  imports: [RouterModule],
+  templateUrl: './app.html',
+  styleUrl: './app.scss',
+})
+export class App {
+
+  public htmlParser = inject(HtmlParser);
+
+  htmlContent = signal('<p>Hello!</p><strong>Valid HTML</strong>');
+
+  errorMessage = signal('');
+
+  parseContent(content: string): string | SafeHtml {
+
+    try {
+
+      const parsed = this.htmlParser(content);
+
+      return parsed;
+
+    } catch (error: any) {
+
+      console.error(error);
+
+      return '';
+    }
+  }
+
+  injectProhibitedTag(tag: string) {
+
+    const htmlTag = `<${tag}>Blocked content</${tag}>`;
+
+    this.htmlContent.set(this.htmlParser(htmlTag));
+
+    this.errorMessage.set(
+      `Security Error: The tag <${tag}> is prohibited by OWASP guidelines.`
+    );
+  }
+}
+```
+
+---
+
+## Development
+
+Build the library locally:
+
+```bash
+ng build nx-html-parser
+```
+
+Run tests:
+
+```bash
+nx test nx-html-parser
+```
+
+Run lint:
+
+```bash
+nx lint nx-html-parser
+```
+
+
+## Security
+
+This package is designed to help reduce risks associated with:
+
+- **Cross-site scripting (XSS)**
+- **Unsafe DOM rendering**
+- **Dynamic HTML injection**
+- **Malicious embedded content**
+
+Validation rules are based on **OWASP security recommendations**.

package/dist/libs/nx-html-parser/fesm2022/nx-all-nx-html-parser.mjs

@@ -0,0 +1,53 @@
+import { InjectionToken, signal } from '@angular/core';
+
+const invalidHtmlTags = [
+    'script',
+    'img',
+    'body',
+    'a',
+    'iframe',
+    'svg',
+    'object',
+    'embed',
+    'details',
+    'video',
+    'audio',
+    'source',
+    'input',
+    'button',
+    'textarea',
+    'select',
+    'link',
+    'style',
+    'base',
+    'form',
+    'animate',
+];
+function checkInvalidHTMLTags(str) {
+    const regex = new RegExp(`<\\s*\\/??\\s*(${invalidHtmlTags.join('|')})\\b`, 'i');
+    return regex.test(str);
+}
+function securedHTML(input) {
+    if (!input()) {
+        const error = new Error('Input cannot be empty');
+        throw error;
+    }
+    if (checkInvalidHTMLTags(input())) {
+        const error = new Error('XSS : Insecure HTML tags detected as per OWASP guidelines');
+        throw error;
+    }
+    return input();
+}
+const HtmlParser = new InjectionToken('secureHTML', {
+    providedIn: 'root',
+    factory: () => {
+        return (rawString) => securedHTML(signal(rawString));
+    },
+});
+
+/**
+ * Generated bundle index. Do not edit.
+ */
+
+export { HtmlParser };
+//# sourceMappingURL=nx-all-nx-html-parser.mjs.map

package/dist/libs/nx-html-parser/fesm2022/nx-all-nx-html-parser.mjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"nx-all-nx-html-parser.mjs","sources":["../../../../libs/nx-html-parser/src/lib/service/html-parser/html-parser.ts","../../../../libs/nx-html-parser/src/nx-all-nx-html-parser.ts"],"sourcesContent":["import { InjectionToken, Signal, signal } from '@angular/core';\r\n\r\nconst invalidHtmlTags = [\r\n  'script',\r\n  'img',\r\n  'body',\r\n  'a',\r\n  'iframe',\r\n  'svg',\r\n  'object',\r\n  'embed',\r\n  'details',\r\n  'video',\r\n  'audio',\r\n  'source',\r\n  'input',\r\n  'button',\r\n  'textarea',\r\n  'select',\r\n  'link',\r\n  'style',\r\n  'base',\r\n  'form',\r\n  'animate',\r\n];\r\n\r\n\r\n\r\nfunction checkInvalidHTMLTags(str: string): boolean {\r\n  const regex = new RegExp(`<\\\\s*\\\\/??\\\\s*(${invalidHtmlTags.join('|')})\\\\b`, 'i');\r\n  return regex.test(str);\r\n}\r\n\r\nfunction securedHTML(input: Signal<string>): string {\r\n  if (!input()) {\r\n    const error = new Error('Input cannot be empty');\r\n    throw error;\r\n  }\r\n\r\n  if (checkInvalidHTMLTags(input())) {\r\n    const error = new Error('XSS : Insecure HTML tags detected as per OWASP guidelines');\r\n    throw error;\r\n  }\r\n  return input();\r\n}\r\n\r\nexport const HtmlParser = new InjectionToken<(input: string) => string>('secureHTML', {\r\n  providedIn: 'root',\r\n  factory: () => {\r\n    return (rawString: string) => securedHTML(signal(rawString));\r\n  },\r\n});\r\n","/**\n * Generated bundle index. Do not edit.\n */\n\nexport * from './index';\n"],"names":[],"mappings":";;AAEA,MAAM,eAAe,GAAG;IACtB,QAAQ;IACR,KAAK;IACL,MAAM;IACN,GAAG;IACH,QAAQ;IACR,KAAK;IACL,QAAQ;IACR,OAAO;IACP,SAAS;IACT,OAAO;IACP,OAAO;IACP,QAAQ;IACR,OAAO;IACP,QAAQ;IACR,UAAU;IACV,QAAQ;IACR,MAAM;IACN,OAAO;IACP,MAAM;IACN,MAAM;IACN,SAAS;CACV;AAID,SAAS,oBAAoB,CAAC,GAAW,EAAA;AACvC,IAAA,MAAM,KAAK,GAAG,IAAI,MAAM,CAAC,kBAAkB,eAAe,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA,IAAA,CAAM,EAAE,GAAG,CAAC;AAChF,IAAA,OAAO,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC;AACxB;AAEA,SAAS,WAAW,CAAC,KAAqB,EAAA;AACxC,IAAA,IAAI,CAAC,KAAK,EAAE,EAAE;AACZ,QAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,uBAAuB,CAAC;AAChD,QAAA,MAAM,KAAK;IACb;AAEA,IAAA,IAAI,oBAAoB,CAAC,KAAK,EAAE,CAAC,EAAE;AACjC,QAAA,MAAM,KAAK,GAAG,IAAI,KAAK,CAAC,2DAA2D,CAAC;AACpF,QAAA,MAAM,KAAK;IACb;IACA,OAAO,KAAK,EAAE;AAChB;MAEa,UAAU,GAAG,IAAI,cAAc,CAA4B,YAAY,EAAE;AACpF,IAAA,UAAU,EAAE,MAAM;IAClB,OAAO,EAAE,MAAK;AACZ,QAAA,OAAO,CAAC,SAAiB,KAAK,WAAW,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC;IAC9D,CAAC;AACF,CAAA;;ACnDD;;AAEG;;;;"}

package/dist/libs/nx-html-parser/index.d.ts

@@ -0,0 +1,6 @@
+import { InjectionToken } from '@angular/core';
+
+declare const HtmlParser: InjectionToken<(input: string) => string>;
+
+export { HtmlParser };
+//# sourceMappingURL=index.d.ts.map

package/dist/libs/nx-html-parser/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sources":["../../../libs/nx-html-parser/src/lib/service/html-parser/html-parser.ts"],"mappings":";;AA8CA,cAAA,UAAa,EAAA,cAAU;;;;","names":[]}

package/package.json

@@ -0,0 +1,76 @@
+{
+  "name": "@nx-all/nx-html-parser",
+  "version": "0.0.2",
+  "license": "MIT",
+  "publishConfig": {
+    "access": "public"
+  },
+  "files": [
+    "dist/",
+    "README.md",
+    "index.js",
+    "index.d.ts"
+  ],
+  "scripts": {
+    "build": "nx build nx-html-parser",
+    "test": "nx test nx-html-parser",
+    "start": "nx serve app-html-parser"
+  },
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/paragkulkarni/nx-html-parser.git"
+  },
+  "author": {
+    "name": "Parag Kulkarni",
+    "email": "parag15363@gmail.com"
+  },
+  "dependencies": {
+    "@angular/common": "~20.3.0",
+    "@angular/compiler": "~20.3.0",
+    "@angular/core": "~20.3.0",
+    "@angular/forms": "~20.3.0",
+    "@angular/platform-browser": "~20.3.0",
+    "@angular/platform-browser-dynamic": "~20.3.0",
+    "@angular/router": "~20.3.0",
+    "rxjs": "~7.8.0",
+    "zone.js": "~0.15.0"
+  },
+  "devDependencies": {
+    "@angular-devkit/core": "~20.3.0",
+    "@angular-devkit/schematics": "~20.3.0",
+    "@angular/build": "~20.3.0",
+    "@angular/cli": "~20.3.0",
+    "@angular/compiler-cli": "~20.3.0",
+    "@angular/language-service": "~20.3.0",
+    "@eslint/js": "^9.8.0",
+    "@nx/angular": "21.6.11",
+    "@nx/eslint": "21.6.11",
+    "@nx/eslint-plugin": "21.6.11",
+    "@nx/jest": "21.6.11",
+    "@nx/js": "21.6.11",
+    "@nx/web": "21.6.11",
+    "@nx/workspace": "21.6.11",
+    "@schematics/angular": "~20.3.0",
+    "@swc-node/register": "~1.9.1",
+    "@swc/core": "~1.5.7",
+    "@swc/helpers": "~0.5.11",
+    "@types/jest": "^29.5.12",
+    "@types/node": "18.16.9",
+    "@typescript-eslint/utils": "^8.40.0",
+    "angular-eslint": "^20.3.0",
+    "eslint": "^9.8.0",
+    "eslint-config-prettier": "^10.0.0",
+    "jest": "^29.7.0",
+    "jest-environment-jsdom": "^29.7.0",
+    "jest-preset-angular": "~14.6.1",
+    "jest-util": "^29.7.0",
+    "ng-packagr": "~20.3.0",
+    "nx": "21.6.11",
+    "prettier": "^2.6.2",
+    "ts-jest": "^29.1.0",
+    "ts-node": "10.9.1",
+    "tslib": "^2.3.0",
+    "typescript": "~5.9.2",
+    "typescript-eslint": "^8.40.0"
+  }
+}