{"id":"d497539a-149c-40e8-a2fb-f174ef470a01","shortId":"LvQAXy","kind":"skill","title":"Sanitize untrusted HTML fragments before rendering previews, comments, or CMS content with DOMPurify","tagline":"Use DOMPurify when an agent must accept HTML from users, rich text editors, imports, or model output but cannot safely render it as-is. The skill strips dangerous markup and unsafe attributes before the content is shown in previews, stored in CMS fields, or embedded in downstream","description":"# Sanitize untrusted HTML fragments before rendering previews, comments, or CMS content with DOMPurify\n\nUse DOMPurify when an agent must accept HTML from users, rich text editors, imports, or model output but cannot safely render it as-is. The skill strips dangerous markup and unsafe attributes before the content is shown in previews, stored in CMS fields, or embedded in downstream pages.\n\n## Prerequisites\n\nNode.js or a JavaScript runtime with DOM support\n\n## Installation\n\nUse the upstream install or setup path that matches your environment:\n- npm install dompurify\n- npm install jsdom\n- npm install isomorphic-dompurify\n\nRequirements and caveats from upstream:\n- Our automated tests cover 9 browser/OS combinations (Chromium, Firefox, and WebKit across Ubuntu, macOS, and Windows) on every push, plus Node.js v20, v22, v24, v25 and v26 running DOMPurify on [jsdom](https://github....\n- DOMPurify technically also works server-side with Node.js. Our support strives to follow the [Node.js release cycle](https://nodejs.org/en/about/previous-releases).\n- Running DOMPurify on the server requires a DOM to be present, which is probably no surprise. 
Usually, [jsdom](https://github.com/jsdom/jsdom) is the tool of choice and we **strongly recommend** to use the latest versi...\n\nBasic usage or getting-started notes:\n- If you have problems making it work in your specific setup, consider looking at the amazing [isomorphic-dompurify](https://github.com/kkomelin/isomorphic-dompurify) project which solves lots of problems people might r...\n- Note that in order to create a policy in trustedTypes using DOMPurify, RETURN_TRUSTED_TYPE: false is required, as createHTML expects a normal string, not TrustedHTML. The example below shows this.\n- // be careful please, this mode is not recommended for production usage.\n\n- Source: https://github.com/cure53/DOMPurify\n- Extracted from upstream docs: https://raw.githubusercontent.com/cure53/DOMPurify/HEAD/README.md\n\n## Documentation\n\n- https://github.com/cure53/DOMPurify#readme\n\n## Source\n\n- [Agent Skill Exchange](https://agentskillexchange.com/skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify/)","tags":["sanitize","untrusted","html","fragments","before","rendering","previews","comments","cms","content","dompurify","skills"],"capabilities":["skill","source-agentskillexchange","skill-sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify","topic-agent-skills","topic-ai-agents","topic-ai-tools","topic-awesome-list","topic-claude-code","topic-codex","topic-cursor","topic-llm","topic-mcp","topic-npx-skills","topic-openclaw","topic-skills-catalog"],"categories":["skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/agentskillexchange/skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add 
agentskillexchange/skills","source_repo":"https://github.com/agentskillexchange/skills","install_from":"skills.sh"}},"qualityScore":"0.454","qualityRationale":"deterministic score 0.45 from registry signals: · indexed on github topic:agent-skills · 8 github stars · SKILL.md body (2,196 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-18T19:12:16.687Z","embedding":null,"createdAt":"2026-05-18T13:19:06.272Z","updatedAt":"2026-05-18T19:12:16.687Z","lastSeenAt":"2026-05-18T19:12:16.687Z","prices":[{"id":"91da1e11-da24-428e-9b53-cb2b8aa11bc7","listingId":"d497539a-149c-40e8-a2fb-f174ef470a01","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"agentskillexchange","category":"skills","install_from":"skills.sh"},"createdAt":"2026-05-18T13:19:06.272Z"}],"sources":[{"listingId":"d497539a-149c-40e8-a2fb-f174ef470a01","source":"github","sourceId":"agentskillexchange/skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify","sourceUrl":"https://github.com/agentskillexchange/skills/tree/main/skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify","isPrimary":false,"firstSeenAt":"2026-05-18T13:19:06.272Z","lastSeenAt":"2026-05-18T19:12:16.687Z"}],"details":{"listingId":"d497539a-149c-40e8-a2fb-f174ef470a01","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"agentskillexchange","slug":"sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify","github":{"repo":"agentskillexchange/skills","stars":8,"topics":["agent-skills","ai-agents","ai-tools","awesome-list","claude-code","codex","cursor","llm","mcp","npx-skills","openclaw","skills-catalog"],"license":"mit","html_url":"https://github.com/agentskillexchange/skills","pushed_at":"2026-05-18T19:02:17Z","description":"The open catalog of AI agent skills — 2,000+ security-scanned skills for Claude Code, Cursor, Codex, and
more.","skill_md_sha":"13668fbaa5187df8bf8314fa8488ac2191470f20","skill_md_path":"skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/agentskillexchange/skills/tree/main/skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify"},"layout":"multi","source":"github","category":"skills","frontmatter":{"name":"Sanitize untrusted HTML fragments before rendering previews, comments, or CMS content with DOMPurify","description":"Use DOMPurify when an agent must accept HTML from users, rich text editors, imports, or model output but cannot safely render it as-is. The skill strips dangerous markup and unsafe attributes before the content is shown in previews, stored in CMS fields, or embedded in downstream pages."},"skills_sh_url":"https://skills.sh/agentskillexchange/skills/sanitize-untrusted-html-fragments-before-rendering-previews-comments-or-cms-content-dompurify"},"updatedAt":"2026-05-18T19:12:16.687Z"}}