Sanitize HTML With Ammonia In Rust

Overview

I'm using the ammonia rust crate to sanitize HTML for my twitch bot. I'm using it like this:

use ammonia::Builder;
use maplit::{hashmap, hashset};

fn main() {
    let source = r#"
        <div>
            <span id="alfa" class="bravo">charlie</span>
        </div>
    "#;
    let scrubbed = sanatize_html(source);
    dbg!(scrubbed);
}

fn sanatize_html(source: &str) -> String {
    let tags = hashset!["span"];
    let tag_attrs = hashmap![
        "span" => hashset!["id"]
    ];
    Builder::new()
        .tags(tags)
        .tag_attributes(tag_attrs)
        .clean(source)
        .to_string()
}

Details

Only tags and attributes for the tags are are explicitly added will be allowed through
Permitted tags are added to the tags hashset and added to the Builder via .tags()
Attributes for defined for each tag tag_attrs and added via .tag_attributes()
The output is returned as a string. In this example about the result is:

<span id="alfa">charlie</span>

Installation

Installing the crate is done with:

cargo add ammonia
cargo add maplit

The matlit crate provides the macros used in the example to make the hashsets and hashmap. It's not required. Using the std hash features works as well.

-- end of line --

References

Ammonia

"Designed to prevent cross-site scripting, layout breaking, and clickjacking caused by untrusted user-provided HTML being mixed into a larger web page"
html5ever

This is what ammonia uses under the hood for parsing
Ammonia Builder

The made struct for setting up a sanitize run