UNPKG

@braintree/sanitize-url/README.md

Version:

1.38 kBMarkdownView Raw

1# sanitize-url
2
3## Installation
4
5```sh
6npm install -S @braintree/sanitize-url
7```
8
9## Usage
10
11```js
12var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;
13
14sanitizeUrl("https://example.com"); // 'https://example.com'
15sanitizeUrl("http://example.com"); // 'http://example.com'
16sanitizeUrl("www.example.com"); // 'www.example.com'
17sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'
18sanitizeUrl(
19  "&#104;&#116;&#116;&#112;&#115;&#0000058//&#101;&#120;&#97;&#109;&#112;&#108;&#101;&#46;&#99;&#111;&#109;"
20); // https://example.com
21
22sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'
23sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'
24sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'
25// HTML encoded javascript:alert('XSS')
26sanitizeUrl(
27  "&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041"
28); // 'about:blank'
29```
30
31## Testing
32
33This library uses [Vitest](https://vitest.dev/). All testing dependencies
34will be installed upon `npm install` and the test suite can be executed with
35`npm test`. Running the test suite will also run lint checks upon exiting.
36
37    npm test
38
39To generate a coverage report, use `npm run coverage`.

1	`# sanitize-url`
2
3	`## Installation`
4
5	```sh
6	`npm install -S @braintree/sanitize-url`
7	```
8
9	`## Usage`
10
11	```js
12	`var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;`
13
14	`sanitizeUrl("https://example.com"); // 'https://example.com'`
15	`sanitizeUrl("http://example.com"); // 'http://example.com'`
16	`sanitizeUrl("www.example.com"); // 'www.example.com'`
17	`sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'`
18	`sanitizeUrl(`
19	`"https&#0000058//example.com"`
20	`); // https://example.com`
21
22	`sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'`
23	`sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'`
24	`sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'`
25	`// HTML encoded javascript:alert('XSS')`
26	`sanitizeUrl(`
27	`"&#0000106&#0000097&#0000118&#0000097&#0000115&#0000099&#0000114&#0000105&#0000112&#0000116&#0000058&#0000097&#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041"`
28	`); // 'about:blank'`
29	```
30
31	`## Testing`
32
33	`This library uses [Vitest](https://vitest.dev/). All testing dependencies`
34	will be installed upon `npm install` and the test suite can be executed with
35	`npm test`. Running the test suite will also run lint checks upon exiting.
36
37	`npm test`
38
39	To generate a coverage report, use `npm run coverage`.