@braintree/sanitize-url
Advanced tools
The @braintree/sanitize-url npm package is designed to help developers ensure that URLs are safe for use within their applications. It provides functionality to sanitize URLs, removing potentially malicious or harmful content. This can be particularly useful in preventing XSS (Cross-Site Scripting) attacks by ensuring that only safe and valid URLs are allowed.
Sanitize URLs
This feature allows you to sanitize a URL, ensuring it is safe to use. If the URL contains potentially harmful JavaScript or other malicious content, it is replaced with 'about:blank', indicating that the original URL was not safe. This is particularly useful for preventing XSS attacks.
"use strict";
const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
let safeUrl = sanitizeUrl('javascript:alert(document.cookie)');
console.log(safeUrl); // 'about:blank'
safeUrl = sanitizeUrl('https://www.example.com');
console.log(safeUrl); // 'https://www.example.com'While primarily focused on sanitizing HTML input to prevent XSS attacks, sanitize-html can also be used to sanitize URLs within HTML content. It offers a broader range of sanitization features compared to @braintree/sanitize-url, which is specifically focused on URLs.
DOMPurify is another library that can sanitize HTML and prevent XSS attacks. It can be used to sanitize URLs within the context of HTML content. DOMPurify provides a wide range of options for customization and is more focused on HTML content sanitization, whereas @braintree/sanitize-url is specifically tailored for URL sanitization.
xss-filters is a library designed to prevent XSS attacks through various filtering mechanisms, including URL filtering. It offers a suite of secure and context-aware escaping functions. Compared to @braintree/sanitize-url, xss-filters provides a broader approach to XSS prevention, including but not limited to URL sanitization.
npm install -S @braintree/sanitize-url
var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;
sanitizeUrl("https://example.com"); // 'https://example.com'
sanitizeUrl("http://example.com"); // 'http://example.com'
sanitizeUrl("www.example.com"); // 'www.example.com'
sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'
sanitizeUrl(
"https://example.com"
); // https://example.com
sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'
sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'
sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'
// HTML encoded javascript:alert('XSS')
sanitizeUrl(
"javascript:alert('XSS')"
); // 'about:blank'
This library uses Vitest. All testing dependencies
will be installed upon npm install and the test suite can be executed with
npm test. Running the test suite will also run lint checks upon exiting.
npm test
To generate a coverage report, use npm run coverage.
7.1.1
DevDependency Changes
Update (sub-)dependencies
FAQs
A url sanitizer
The npm package @braintree/sanitize-url receives a total of 2,081,227 weekly downloads. As such, @braintree/sanitize-url popularity was classified as popular.
We found that @braintree/sanitize-url demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Open source maintainers are urging GitHub to let them block Copilot from submitting AI-generated issues and pull requests to their repositories.
Research
Security News
Malicious Koishi plugin silently exfiltrates messages with hex strings to a hardcoded QQ account, exposing secrets in chatbots across platforms.
Research
Security News
Malicious PyPI checkers validate stolen emails against TikTok and Instagram APIs, enabling targeted account attacks and dark web credential sales.