sanitized 1.1.3 → 1.1.6

Files changed (3)
  1. package/README.md +8 -8
  2. package/index.js +28 -35
  3. package/package.json +4 -4
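--- a/package/README.md
+++ b/package/README.md
@@ -1,6 +1,6 @@
 # sanitized
 
-sanitized() is a recursive function that'll sanitize a string or ALL strings in an object or array. It's great for sanitizing form data before it gets submitted to the back-end (re: protection against XSS attacks).
+sanitized() is a recursive function that'll sanitize a string or ALL strings in a json input. It's great for sanitizing form data before it gets submitted to the back-end (re: protection against XSS attacks).
 
 It accepts two params the first being the value to sanitize, and the second being options to pass to [DOMPurify](https://www.npmjs.com/package/dompurify).
 
@@ -18,13 +18,13 @@ const sanitized = require("sanitized");
 // import sanitized from "sanitized"
 
 const test = [
-"<svg><g/onload=alert(2)//<p>",
-{
-name1: [
-'<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
-{ name2: "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def" },
-],
-},
+"<svg><g/onload=alert(2)//<p>",
+{
+name1: [
+'<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
+{ name2: "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def" },
+],
+},
 ];
 
 sanitized(test);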
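--- a/package/index.js
+++ b/package/index.js
@@ -1,49 +1,42 @@
 const DOMPurify = require("dompurify");
-const { decode } = require("he");
+const he = require("he");
 
 let sanitizer = (dirty) => dirty;
 
-const logError = (error) => console.error("[sanitized] " + error.toString());
-
 if (DOMPurify.sanitize) {
-sanitizer = (dirty, options) => decode(DOMPurify.sanitize(dirty, options));
+sanitizer = (dirty, options) => he.decode(DOMPurify.sanitize(dirty, options));
 } else {
 try {
-const { JSDOM } = require("jsdom");
-const { window } = new JSDOM("<!DOCTYPE html>");
-DOMPurifyWindow = DOMPurify(window);
+const jsdom = require("jsdom");
+const JSDOM = new jsdom.JSDOM("<!DOCTYPE html>");
+const DOMPurifyWindow = DOMPurify(JSDOM.window);
 sanitizer = (dirty, options) =>
-decode(DOMPurifyWindow.sanitize(dirty, options));
+he.decode(DOMPurifyWindow.sanitize(dirty, options));
 } catch (error) {
-logError(error);
+console.error(error);
 }
 }
 
-function handleDirtyValue(dirty, DOMPurifyOptions) {
-if (dirty) {
-if (dirty.constructor === String) {
-return sanitizer(dirty, DOMPurifyOptions);
-} else if (dirty.constructor === Array) {
-let clone = [].concat(dirty);
-for (let i = 0; i < clone.length; i++) {
-clone[i] = handleDirtyValue(clone[i], DOMPurifyOptions);
-}
-return clone;
-} else if (dirty.constructor === Object) {
-try {
-let clone = JSON.parse(JSON.stringify(dirty));
-let cloneKeys = Object.keys(clone);
-for (let j = 0; j < cloneKeys.length; j++) {
-const cloneKey = cloneKeys[j];
-clone[cloneKey] = handleDirtyValue(clone[cloneKey], DOMPurifyOptions);
-}
-return clone;
-} catch (error) {
-logError(error);
-return dirty;
-}
-} else return dirty;
-} else return dirty;
+function sanitized(dirty, DOMPurifyOptions, errorHandler) {
+try {
+let clone = JSON.parse(JSON.stringify(dirty));
+
+if (typeof clone === "string") clone = sanitizer(clone, DOMPurifyOptions);
+
+if (clone instanceof Array)
+for (let i = 0; i < clone.length; i++)
+clone[i] = sanitized(clone[i], DOMPurifyOptions);
+
+if (clone instanceof Object)
+for (cloneKey of Object.keys(clone))
+clone[cloneKey] = sanitized(clone[cloneKey], DOMPurifyOptions);
+
+return clone;
+} catch (err) {
+if (errorHandler) errorHandler(err);
+
+return dirty;
+}
 }
 
-module.exports = handleDirtyValue;
+module.exports = sanitized;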
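Review bot: `he.decode(DOMPurify.sanitize(dirty, options))` on both sanitizer assignments decodes entities after sanitizing, so text that DOMPurify left entity-escaped comes back as literal `<`/`>` markup and the result is not safe to insert as HTML; drop the decode or document that the output is plain text only. In the new `sanitized()`, `clone instanceof Object` is also true for arrays, so every array element is sanitized and decoded a second time, and the recursive calls omit `errorHandler`, so nested failures return the unsanitized value silently. `cloneKey` is never declared; if this file is ever evaluated in strict mode the loop throws a ReferenceError and the `catch` returns `dirty` unsanitized for every object input. The fence sketches the traversal with those three points fixed; the fail-open `return dirty` in the `catch` is left as is but deserves at least a comment.

```javascript
function sanitized(dirty, DOMPurifyOptions, errorHandler) {
  try {
    const clone = JSON.parse(JSON.stringify(dirty));

    if (typeof clone === "string") return sanitizer(clone, DOMPurifyOptions);

    // Arrays are handled exactly once; plain objects take the branch below.
    if (Array.isArray(clone))
      return clone.map((item) => sanitized(item, DOMPurifyOptions, errorHandler));

    if (clone !== null && typeof clone === "object")
      for (const cloneKey of Object.keys(clone))
        clone[cloneKey] = sanitized(clone[cloneKey], DOMPurifyOptions, errorHandler);

    // … unchanged: return clone, then the catch block (errorHandler call, return dirty) …
```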
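--- a/package/package.json
+++ b/package/package.json
@@ -1,7 +1,7 @@
 {
 "name": "sanitized",
-"version": "1.1.3",
-"description": "Recursive function that'll sanitize a string or ALL strings in an object or array.",
+"version": "1.1.6",
+"description": "Recursive function that'll sanitize a string or ALL strings in a json input.",
 "main": "index.js",
 "scripts": {
 "test": "echo \"Error: no test specified\" && exit 1"
@@ -22,8 +22,8 @@
 },
 "homepage": "https://github.com/nameer-rizvi/sanitized#readme",
 "dependencies": {
-"dompurify": "^2.2.8",
+"dompurify": "^2.3.6",
 "he": "^1.2.0",
-"jsdom": "^16.5.3"
+"jsdom": "^19.0.0"
 }
 }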