
@juspay/neurolink



/**
 * SVG Sanitization Utilities
 * OWASP-compliant SVG sanitization using allowlist approach
 *
 * This module addresses:
 * - Script tag injection
 * - Event handler injection (onload, onerror, etc.)
 * - javascript: URL schemes
 * - CSS-based XSS (expression(), url(), -moz-binding)
 * - SMIL animation attacks
 * - foreignObject-based HTML injection
 * - External reference attacks (use, image elements)
 * - XXE via DOCTYPE/ENTITY declarations
 *
 * Uses regex-based approach for robustness without external dependencies.
 *
 * NOTE(review): this is a type declaration file. The list above describes the
 * implementing module, which is not visible here, so the coverage of each item
 * should be confirmed against that module and its tests rather than taken from
 * these signatures. Regex-based markup filtering is difficult to make
 * exhaustive; callers that render untrusted SVG inline should treat the
 * sanitizer as one defensive layer and pair it with a restrictive
 * Content-Security-Policy or serve the SVG from an isolated origin.
 *
 * @see https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
 */
import type { SvgSanitizationResult } from "../../types/index.js";

/**
 * Sanitize SVG content by removing dangerous elements and attributes.
 * Uses OWASP-compliant allowlist approach with regex-based parsing.
 *
 * The returned string is the sanitized document, not a boolean verdict; the
 * input string itself is not modified.
 *
 * @param svgContent - Raw SVG content to sanitize
 * @returns Sanitized SVG content
 * @throws Error if SVG content is invalid or contains XXE declarations.
 *   Callers should handle this case explicitly rather than falling back to
 *   the unsanitized input.
 *
 * @example
 * const malicious = '<svg><script>alert(1)</script></svg>';
 * const safe = sanitizeSvgContent(malicious); // '<svg></svg>'
 *
 * @example
 * const xss = '<svg onload="alert(1)"><rect fill="red"/></svg>';
 * const safe = sanitizeSvgContent(xss); // '<svg><rect fill="red"/></svg>'
 */
export declare function sanitizeSvgContent(svgContent: string): string;

/**
 * Sanitize SVG content with detailed information about what was removed.
 * Useful for logging and security auditing.
 *
 * The shape of the result is defined by `SvgSanitizationResult` in
 * `../../types/index.js` (not visible in this file); consult that type for
 * the exact fields describing removed elements and attributes.
 *
 * @param svgContent - Raw SVG content to sanitize
 * @returns Detailed sanitization result with removed items
 * @throws Error if SVG content is invalid or contains XXE declarations
 */
export declare function sanitizeSvgContentDetailed(svgContent: string): SvgSanitizationResult;

/**
 * Check if SVG content appears to be safe (quick validation).
 * Does NOT sanitize - use sanitizeSvgContent for that.
 *
 * A `false` result means suspicious patterns were found; a `true` result is a
 * heuristic, not a guarantee. Content that will be rendered should still go
 * through sanitizeSvgContent regardless of this check.
 *
 * @param svgContent - SVG content to check
 * @returns true if content appears safe, false if it contains suspicious patterns
 */
export declare function isSvgContentSafe(svgContent: string): boolean;

/**
 * Legacy alias for sanitizeSvgContent.
 * Maintained for backward compatibility.
 *
 * New code should call sanitizeSvgContent directly; the contract (including
 * the thrown Error on invalid or XXE-bearing input) is the same.
 *
 * @param svgContent - Raw SVG content
 * @returns Sanitized SVG content
 */
export declare function sanitizeSvg(svgContent: string): string;

/**
 * Get lists of safe and dangerous elements/attributes for reference.
 * Useful for documentation and debugging.
 *
 * NOTE(review): the declaration does not show whether the returned arrays are
 * copies or the sanitizer's own allow/deny lists — treat them as read-only and
 * do not rely on mutating them to change sanitizer behaviour.
 *
 * @returns An object whose four arrays name the element and attribute
 *   allowlists and denylists, as plain strings
 */
export declare function getSvgSanitizationRules(): {
  // Element names the sanitizer treats as allowed
  safeElements: string[];
  // Element names the sanitizer treats as dangerous
  dangerousElements: string[];
  // Attribute names the sanitizer treats as allowed
  safeAttributes: string[];
  // Attribute names the sanitizer treats as dangerous
  dangerousAttributes: string[];
};