npm - sanitized - Versions diffs - 1.1.5 - Mend

sanitized 1.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,38 @@
+# sanitized
+sanitized() is a recursive function that'll sanitize a string or ALL strings in an object or array. It's great for sanitizing form data before it gets submitted to the back-end (re: protection against XSS attacks).
+It accepts two params the first being the value to sanitize, and the second being options to pass to [DOMPurify](https://www.npmjs.com/package/dompurify).
+## Installation
+```
+$ npm i sanitized
+```
+## Usage
+```javascript
+const sanitized = require("sanitized");
+// or,
+// import sanitized from "sanitized"
+const test = [
+	"<svg><g/onload=alert(2)//<p>",
+	{
+		name1: [
+			'<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
+			{ name2: "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def" },
+		],
+	},
+];
+sanitized(test);
+// Result:
+//
+// [
+//  "<svg><g></g></svg>",
+//  { name1: ["<math><mi></mi></math>", { name2: "<p>abc</p>" }] }
+// ];
+```

package/index.js ADDED Viewed

@@ -0,0 +1,53 @@
+const DOMPurify = require("dompurify");
+const { decode } = require("he");
+let sanitizer = (dirty) => dirty;
+if (DOMPurify.sanitize) {
+  sanitizer = (dirty, options) => decode(DOMPurify.sanitize(dirty, options));
+} else {
+  try {
+    const { JSDOM } = require("jsdom");
+    const { window } = new JSDOM("<!DOCTYPE html>");
+    DOMPurifyWindow = DOMPurify(window);
+    sanitizer = (dirty, options) =>
+      decode(DOMPurifyWindow.sanitize(dirty, options));
+  } catch (error) {
+    console.error(error);
+  }
+}
+function sanitize(dirty, DOMPurifyOptions, callback) {
+  try {
+    if (typeof dirty === "string")
+      return sanitizer(dirty, DOMPurifyOptions, callback);
+    if (dirty && dirty.constructor === Array) {
+      let clone = [].concat(dirty);
+      for (let i = 0; i < clone.length; i++) {
+        clone[i] = sanitize(clone[i], DOMPurifyOptions, callback);
+      }
+      return clone;
+    }
+    if (dirty && dirty.constructor === Object) {
+      let clone = JSON.parse(JSON.stringify(dirty));
+      let cloneKeys = Object.keys(clone);
+      for (let i = 0; i < cloneKeys.length; i++) {
+        const cloneKey = cloneKeys[i];
+        clone[cloneKey] = sanitize(clone[cloneKey], DOMPurifyOptions, callback);
+      }
+      return clone;
+    }
+    if (callback) callback(null, dirty);
+    return dirty;
+  } catch (err) {
+    if (callback) callback(err);
+    return dirty;
+  }
+}
+module.exports = sanitize;

package/package.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "name": "sanitized",
+  "version": "1.1.5",
+  "description": "Recursive function that'll sanitize a string or ALL strings in an object or array.",
+  "main": "index.js",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/nameer-rizvi/sanitized.git"
+  },
+  "keywords": [
+    "sanitizer",
+    "purifier",
+    "XSS"
+  ],
+  "author": "Nameer Rizvi (https://github.com/nameer-rizvi)",
+  "license": "ISC",
+  "bugs": {
+    "url": "https://github.com/nameer-rizvi/sanitized/issues"
+  },
+  "homepage": "https://github.com/nameer-rizvi/sanitized#readme",
+  "dependencies": {
+    "dompurify": "^2.3.3",
+    "he": "^1.2.0",
+    "jsdom": "^17.0.0"
+  }
+}