UNPKG

form-text-sanitizer

Version:

Sanitize strings — expecting text — from html, svg, erb, and mustache expressions.

github.com/vsots/form-text-sanitizer

vsots/form-text-sanitizer

37 lines (27 loc) 1.14 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# Form-Text-Sanitizer form-text-sanitizer is a super-fast string sanitizer checking for HTML, SVG, ERB, and Mustache Expressions that may be contained inside input text. It is intended to prevent XSS Attacks. ## Usage Installation: ```bash npm i form-text-sanitizer ``` Import the `checkAndSanitizeString` function to your JavaScript file: ```js import checkAndSanitizeString from "form-text-sanitizer"; ``` Input the string you wish to sanitize and (optionally) destructure the response: ```js const { originalString, suggestedString, matches } = checkAndSanitizeString("My message: <Script>alert('XSS')</SCRIPT>End message."); ``` In the above example the response will be: ```js { originalString: "My message: <script>alert('XSS')</SCRIPT>End message.", suggestedString: "My message: End message.", matches: ["<script>alert('XSS')</SCRIPT>"] } ``` `originalString` - User input string `suggestedString` - Sanitized string `matches` - Array of string(s) that are potentially malicious. This can be empty if no such strings are detected. In this case, `suggestedString` and `originalString` will be the same.