UNPKG

@braintree/sanitize-url

Version:

A url sanitizer

github.com/braintree/sanitize-url

braintree/sanitize-url

40 lines (29 loc) 1.38 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
# sanitize-url ## Installation ```sh npm install -S @braintree/sanitize-url ``` ## Usage ```js var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl; sanitizeUrl("https://example.com"); // 'https://example.com' sanitizeUrl("http://example.com"); // 'http://example.com' sanitizeUrl("www.example.com"); // 'www.example.com' sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com' sanitizeUrl( "https&#0000058//example.com", ); // https://example.com sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank' sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank' sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank' // HTML encoded javascript:alert('XSS') sanitizeUrl( "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041", ); // 'about:blank' ``` ## Testing This library uses [Vitest](https://vitest.dev/). All testing dependencies will be installed upon `npm install` and the test suite can be executed with `npm test`. Running the test suite will also run lint checks upon exiting. npm test To generate a coverage report, use `npm run coverage`.