Security News
How Threat Actors are Abusing GitHub’s File Upload Feature to Host Malware
GitHub is susceptible to a CDN flaw that allows attackers to host malware on any public repository.
By Sarah Gooding - Apr 23, 2024
@braintree/sanitize-url
Advanced tools
- Version published
- Weekly downloads
- 1.3M
- increased by0.39%
- Maintainers
- 1
- Install size
- 19.2 kB
- Created
- Weekly downloads
Package description
What is @braintree/sanitize-url?
The @braintree/sanitize-url npm package is designed to help developers ensure that URLs are safe for use within their applications. It provides functionality to sanitize URLs, removing potentially malicious or harmful content. This can be particularly useful in preventing XSS (Cross-Site Scripting) attacks by ensuring that only safe and valid URLs are allowed.
What are @braintree/sanitize-url's main functionalities?
Sanitize URLs
This feature allows you to sanitize a URL, ensuring it is safe to use. If the URL contains potentially harmful JavaScript or other malicious content, it is replaced with 'about:blank', indicating that the original URL was not safe. This is particularly useful for preventing XSS attacks.
"use strict";
const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
let safeUrl = sanitizeUrl('javascript:alert(document.cookie)');
console.log(safeUrl); // 'about:blank'
safeUrl = sanitizeUrl('https://www.example.com');
console.log(safeUrl); // 'https://www.example.com'Other packages similar to @braintree/sanitize-url
sanitize-html
While primarily focused on sanitizing HTML input to prevent XSS attacks, sanitize-html can also be used to sanitize URLs within HTML content. It offers a broader range of sanitization features compared to @braintree/sanitize-url, which is specifically focused on URLs.
dompurify
DOMPurify is another library that can sanitize HTML and prevent XSS attacks. It can be used to sanitize URLs within the context of HTML content. DOMPurify provides a wide range of options for customization and is more focused on HTML content sanitization, whereas @braintree/sanitize-url is specifically tailored for URL sanitization.
xss-filters
xss-filters is a library designed to prevent XSS attacks through various filtering mechanisms, including URL filtering. It offers a suite of secure and context-aware escaping functions. Compared to @braintree/sanitize-url, xss-filters provides a broader approach to XSS prevention, including but not limited to URL sanitization.
Readme
sanitize-url
Installation
npm install -S @braintree/sanitize-url
Usage
var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;
sanitizeUrl("https://example.com"); // 'https://example.com'
sanitizeUrl("http://example.com"); // 'http://example.com'
sanitizeUrl("www.example.com"); // 'www.example.com'
sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'
sanitizeUrl(
"https://example.com"
); // https://example.com
sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'
sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'
sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'
// HTML encoded javascript:alert('XSS')
sanitizeUrl(
"javascript:alert('XSS')"
); // 'about:blank'
Testing
This library uses Vitest. All testing dependencies
will be installed upon npm install and the test suite can be executed with
npm test. Running the test suite will also run lint checks upon exiting.
npm test
To generate a coverage report, use npm run coverage.
FAQs
A url sanitizer
The npm package @braintree/sanitize-url receives a total of 1,070,083 weekly downloads. As such, @braintree/sanitize-url popularity was classified as popular.
We found that @braintree/sanitize-url demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Last updated on 18 Mar 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
By Sarah Gooding - Apr 19, 2024
Research
Security News
npm Package for ReExt React Components Library Exfiltrates Git Credentials
The Socket Research team found this npm package includes code for collecting sensitive developer information, including your operating system username, Git username, and Git email.
By Sarah Gooding, Socket Research Team - Apr 18, 2024