@braintree/sanitize-url
Advanced tools
The @braintree/sanitize-url npm package is designed to help developers ensure that URLs are safe for use within their applications. It provides functionality to sanitize URLs, removing potentially malicious or harmful content. This can be particularly useful in preventing XSS (Cross-Site Scripting) attacks by ensuring that only safe and valid URLs are allowed.
Sanitize URLs
This feature allows you to sanitize a URL, ensuring it is safe to use. If the URL contains potentially harmful JavaScript or other malicious content, it is replaced with 'about:blank', indicating that the original URL was not safe. This is particularly useful for preventing XSS attacks.
"use strict";
const sanitizeUrl = require('@braintree/sanitize-url').sanitizeUrl;
let safeUrl = sanitizeUrl('javascript:alert(document.cookie)');
console.log(safeUrl); // 'about:blank'
safeUrl = sanitizeUrl('https://www.example.com');
console.log(safeUrl); // 'https://www.example.com'While primarily focused on sanitizing HTML input to prevent XSS attacks, sanitize-html can also be used to sanitize URLs within HTML content. It offers a broader range of sanitization features compared to @braintree/sanitize-url, which is specifically focused on URLs.
DOMPurify is another library that can sanitize HTML and prevent XSS attacks. It can be used to sanitize URLs within the context of HTML content. DOMPurify provides a wide range of options for customization and is more focused on HTML content sanitization, whereas @braintree/sanitize-url is specifically tailored for URL sanitization.
xss-filters is a library designed to prevent XSS attacks through various filtering mechanisms, including URL filtering. It offers a suite of secure and context-aware escaping functions. Compared to @braintree/sanitize-url, xss-filters provides a broader approach to XSS prevention, including but not limited to URL sanitization.
npm install -S @braintree/sanitize-url
var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;
sanitizeUrl("https://example.com"); // 'https://example.com'
sanitizeUrl("http://example.com"); // 'http://example.com'
sanitizeUrl("www.example.com"); // 'www.example.com'
sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'
sanitizeUrl(
"https://example.com"
); // https://example.com
sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'
sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'
sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'
// HTML encoded javascript:alert('XSS')
sanitizeUrl(
"javascript:alert('XSS')"
); // 'about:blank'
This library uses Vitest. All testing dependencies
will be installed upon npm install and the test suite can be executed with
npm test. Running the test suite will also run lint checks upon exiting.
npm test
To generate a coverage report, use npm run coverage.
7.0.4
FAQs
A url sanitizer
The npm package @braintree/sanitize-url receives a total of 1,593,409 weekly downloads. As such, @braintree/sanitize-url popularity was classified as popular.
We found that @braintree/sanitize-url demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.
Security News
vlt introduced its new package manager and a serverless registry this week, innovating in a space where npm has stagnated.