/safe-html

An experiment in providing a safer interface to the DOM in Elm.

Primary language: Elm. License: MIT.

Html.Safe

This package is an early exploration. You probably don't want to use it, other than to try it out.

If you do experiment with it, we are glad to hear feedback about it. This includes:

  • pain points
  • ways to break the package guarantees

This package aims to let you build views where certain things can't happen. It does this by providing a SafeHtml msg type. Unlike Html, SafeHtml cannot represent arbitrary DOM trees.

With Html, third-party code that you call can inject arbitrary JS into your view. Ideally, SafeHtml would protect you from that attack vector. If it's possible to cover other attack vectors too, that's even better!