# sanitize-url

## Installation

```sh
npm install -S @braintree/sanitize-url
```

## Usage

```js
var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;

// Safe URLs are returned as given
sanitizeUrl("https://example.com"); // 'https://example.com'
sanitizeUrl("http://example.com"); // 'http://example.com'
sanitizeUrl("www.example.com"); // 'www.example.com'
sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'
sanitizeUrl(
  "https://example.com"
); // 'https://example.com'

// Script URLs are replaced, regardless of case or embedded control characters
sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'
sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'
sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'
// HTML encoded javascript:alert('XSS')
sanitizeUrl(
  "&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;"
); // 'about:blank'
```
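
The usage examples above reject a script URL even when its scheme is mixed-case, split by a newline, or HTML-entity encoded. The following is an added, simplified illustration of that normalize-then-check idea; it is not the library's source, and `sketchSanitizeUrl`, `normalizeForCheck`, `decodeNumericEntities` and the blocklist are names and choices assumed for this sketch.

```javascript
// Added illustration, not the library's source: normalize a copy, then check its scheme.
const BLANK = "about:blank";
const BLOCKED = new Set(["javascript", "data", "vbscript"]); // assumed blocklist

// Decode numeric HTML entities (&#106; or &#x6a;), with or without the semicolon.
function decodeNumericEntities(s) {
  return s.replace(/&#(x[0-9a-f]+|[0-9]+);?/gi, (_, n) => {
    const cp = /^x/i.test(n) ? parseInt(n.slice(1), 16) : parseInt(n, 10);
    return cp <= 0x10ffff ? String.fromCodePoint(cp) : "";
  });
}

// Build the string the scheme check runs on.
function normalizeForCheck(url) {
  return decodeNumericEntities(String(url))
    // Browsers ignore tab/CR/LF inside a URL; dropping all controls and
    // spaces is stricter than that and fails safe.
    .replace(/[\u0000-\u0020\u007f-\u009f]/g, "")
    // Ignore leading punctuation so it cannot hide the scheme.
    .replace(/^[^\w]+/, "");
}

function sketchSanitizeUrl(url) {
  if (!url) return BLANK;
  const m = /^([a-z][a-z0-9+.-]*):/i.exec(normalizeForCheck(url));
  return m && BLOCKED.has(m[1].toLowerCase()) ? BLANK : url;
}

// Constructed inputs mirroring the usage examples above.
const samples = [
  "https://example.com",
  "mailto:hello@example.com",
  "jAvasCrIPT:alert(document.domain)",
  decodeURIComponent("JaVaScRiP%0at:alert(document.domain)"),
  "&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;alert('XSS')",
];
for (const s of samples) console.log(JSON.stringify(s), "->", sketchSanitizeUrl(s));
```

In an application, call the library's `sanitizeUrl` rather than a hand-rolled check like this one.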

## Testing

This library uses [Vitest](https://vitest.dev/). All testing dependencies
will be installed upon `npm install` and the test suite can be executed with
`npm test`. Running the test suite will also run lint checks upon exiting.

```sh
npm test
```

To generate a coverage report, use `npm run coverage`.