UNPKG

@plasius/schema

Version:

Entity schema definition & validation helpers for Plasius ecosystem

github.com/Plasius-LTD/schema

Plasius-LTD/schema

35 lines (29 loc) 977 B
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
/** * Validates rich text input to ensure it contains only safe HTML/Markdown. * Global Standard: OWASP HTML Sanitization Guidelines (2024). * This validator checks for dangerous patterns — does not sanitize — assumes text will be sanitized downstream. */ export function validateRichText(value: unknown): boolean { if (typeof value !== "string") return false; const trimmed = value.trim(); if (trimmed.length === 0) return true; // Allow empty rich text // Reject known dangerous tags if ( /<(script|iframe|object|embed|style|link|meta|base|form|input|button|textarea|select)\b/i.test( trimmed ) ) { return false; } // Reject javascript: links if (/javascript:/i.test(trimmed)) { return false; } // Reject event handlers (onload, onclick, etc) if (/on\w+=["']?/i.test(trimmed)) { return false; } // Optionally: limit max length (e.g. 10,000 chars) if (trimmed.length > 10000) return false; return true; }