character-reference-invalid
Map of invalid numeric character references to their replacements, according to HTML
The character-reference-invalid npm package provides utilities for handling invalid character references in HTML and XML documents. It is primarily used to encode and decode invalid characters to ensure that text is safely and correctly processed in web applications and other environments that handle HTML/XML content.
Decoding invalid character references
This feature allows the decoding of invalid character references into their respective Unicode representations, which is useful for processing or sanitizing input data in web applications.
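import {characterReferenceInvalid} from 'character-reference-invalid'
// The package is ESM only and its single export is a lookup map, so decoding is a lookup by numeric code.
console.log(characterReferenceInvalid[0x80]) // => '€'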
Encoding characters to invalid references
This feature enables the encoding of characters into their equivalent invalid character references. This is particularly useful when you need to generate HTML or XML output that includes characters that might otherwise be handled incorrectly by some parsers.
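import {characterReferenceInvalid} from 'character-reference-invalid'
// No encode function is exported; search the map for the code whose replacement is the character.
const code = Object.keys(characterReferenceInvalid).find((key) => characterReferenceInvalid[key] === '€')
console.log('&#x' + Number(code).toString(16) + ';') // => '&#x80;'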
The 'he' package is an HTML entity encoder/decoder. Unlike character-reference-invalid, which focuses on invalid character references, 'he' deals with all HTML entities, providing a broader scope of functionality for encoding and decoding HTML content.
Similar to 'he', the 'entities' package provides comprehensive support for encoding and decoding HTML entities. It offers more extensive support compared to character-reference-invalid, which is specialized in handling invalid references.
This is a map from the HTML spec of C1 ASCII/Unicode control
characters (which are disallowed by HTML) to the characters those code points
would have in Windows 1252.
For example, U+0080 (Padding Character) maps to €, because that’s used for
0x80 in Windows 1252.
Probably never, unless you’re dealing with parsing HTML or similar XML-like things, or in a place where Unicode is not the primary encoding (it is in most places).
This package is ESM only. In Node.js (version 12.20+, 14.14+, or 16.0+), install with npm:
npm install character-reference-invalid
In Deno with Skypack:
import {characterReferenceInvalid} from 'https://cdn.skypack.dev/character-reference-invalid@2?dts'
In browsers with Skypack:
<script type="module">
import {characterReferenceInvalid} from 'https://cdn.skypack.dev/character-reference-invalid@2?min'
</script>
import {characterReferenceInvalid} from 'character-reference-invalid'
console.log(characterReferenceInvalid[0x80]) // => '€'
console.log(characterReferenceInvalid[0x89]) // => '‰'
console.log(characterReferenceInvalid[0x99]) // => '™'
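An added example, not from the package's README: applying the map while decoding numeric character references. It goes beyond the lookups above by also replacing null, surrogate and out-of-range codes with U+FFFD, as the HTML spec's numeric character reference handling does, so that a sanitizer and a browser agree on the decoded text. The local characterReferenceInvalid object is a stand-in holding only the three entries shown above, and the function names are hypothetical.

```javascript
// Stand-in for the package's export, limited to the three entries shown on this page.
// In a real project: import {characterReferenceInvalid} from 'character-reference-invalid'
const characterReferenceInvalid = {0x80: '€', 0x89: '‰', 0x99: '™'}

const REPLACEMENT = '\uFFFD'

// Resolve one numeric character reference code (hypothetical helper).
function resolveNumericReference(code) {
  // Null and anything beyond the Unicode range become U+FFFD.
  if (code === 0 || code > 0x10ffff) return REPLACEMENT
  // Lone surrogates are not valid scalar values.
  if (code >= 0xd800 && code <= 0xdfff) return REPLACEMENT
  // C1 control codes take the Windows-1252 character from the map.
  if (Object.prototype.hasOwnProperty.call(characterReferenceInvalid, code)) {
    return characterReferenceInvalid[code]
  }
  return String.fromCodePoint(code)
}

// Decode semicolon-terminated &#NNN; and &#xHHH; references in a string.
// References without a trailing semicolon are left untouched here.
function decodeNumericReferences(text) {
  return text.replace(/&#(?:[xX]([0-9a-fA-F]+)|([0-9]+));/g, (_, hex, dec) =>
    resolveNumericReference(hex ? parseInt(hex, 16) : parseInt(dec, 10))
  )
}

// Constructed sample input covering a mapped code, a surrogate and an out-of-range code.
const SAMPLE = 'Price: &#x80;5 &#153; &#xD800; &#x110000;'
console.log(decodeNumericReferences(SAMPLE))
```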
This package exports the following identifiers: characterReferenceInvalid.
There is no default export.
characterReferenceInvalid
Record<number, string>: mapping between invalid numeric character reference codes and their replacement characters.
See html.spec.whatwg.org.
This package is fully typed with TypeScript.
This package is at least compatible with all maintained versions of Node.js. As of now, that is Node.js 12.20+, 14.14+, and 16.0+. It also works in Deno and modern browsers.
This package is safe.
wooorm/character-entities: HTML character entity info
wooorm/character-entities-html4: HTML 4 character entity info
wooorm/character-entities-legacy: legacy character entity info
wooorm/parse-entities: parse HTML character references
wooorm/stringify-entities: serialize HTML character references
Yes please! See How to Contribute to Open Source.
We found that character-reference-invalid demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.