New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
express-sanitize-escape
Advanced tools
express-sanitize-escape - npm Package Compare versions
Comparing version 0.6.3 to 1.0.0
@@ -25,3 +25,3 @@ /*! | ||
| */ | ||
| module.exports = function expressSanitized() { | ||
| exports.middleware = function expressSanitized() { | ||
@@ -41,3 +41,3 @@ return function expressSanitized(req, res, next) { | ||
| module.exports.sanitizeParams = function(router, paramNames) | ||
| exports.sanitizeParams = function(router, paramNames) | ||
| { | ||
@@ -53,3 +53,3 @@ paramNames.forEach(function(paramName) | ||
| }); | ||
| } | ||
| }; | ||
@@ -68,1 +68,14 @@ function sanitize(obj) { | ||
| } | ||
| exports.htmlDecodeBody = function htmlDecodeBody(obj) { | ||
| if (typeof obj === 'string') { | ||
| return htmlencode.htmlDecode(sanitizer.sanitize(obj)); | ||
| } | ||
| if (obj instanceof Object) { | ||
| Object.keys(obj).forEach(function(prop) { | ||
| obj[prop] = exports.htmlDecodeBody(obj[prop]); | ||
| }); | ||
| return obj; | ||
| } | ||
| return obj; | ||
| }; |
| { | ||
| "name": "express-sanitize-escape", | ||
| "description": "Express middleware for the sanitizer module using Caja's HTML Sanitizer and HTML escape using htmlencode.", | ||
| "version": "0.6.3", | ||
| "version": "1.0.0", | ||
| "author": "Justin Hamade <justin@fingerfoodstudios.com>", | ||
@@ -6,0 +6,0 @@ "homepage": "https://github.com/fingerfoodstudios/express-sanitize-esacpe", |
@@ -81,2 +81,9 @@ # express-sanitized | ||
| ### v1.0.0 | ||
| - This is a breaking change. | ||
| - Change to use exports instead of module exports | ||
| - Middleware is now `exports.middleware so app.use(expressSanitized())` is now `app.use(expressSanitized.middleware())` | ||
| - Added a function to decode the body `expressSanitized.htmlDecodeBody()` | ||
| - Added tests for unicode characters | ||
| ### v0.6.3 | ||
@@ -83,0 +90,0 @@ - Added function to sanitize request params of a router |
@@ -16,3 +16,3 @@ /** | ||
| app.use(bodyParser.json()); | ||
| app.use(expressSanitized()); // this line follows express.bodyParser() | ||
| app.use(expressSanitized.middleware()); // this line follows express.bodyParser() | ||
@@ -45,3 +45,3 @@ app.post('/test', function(req, res){ | ||
| .post('/test') | ||
| .send({hasHtmlEntities: '< > \' " &'}) | ||
| .send({hasHtmlEntities: '< > \' " & ä 汉语'}) | ||
| .expect('Content-Type', /json/) | ||
@@ -52,3 +52,4 @@ .expect(200) | ||
| try { | ||
| res.body.should.have.property('hasHtmlEntities', '< > ' " &'); | ||
| res.body.should.have.property('hasHtmlEntities', '< > ' " & ä 汉语'); | ||
| expressSanitized.htmlDecodeBody(res.body).should.have.property('hasHtmlEntities', '< > \' " & ä 汉语'); | ||
| done(); | ||
@@ -55,0 +56,0 @@ } catch (err) { |
Fixed alerts
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by9%
10317
- Lines of code
- increased by9.92%
144
- Number of low quality alerts
- decreased by-50%
1
- Number of lines in readme file
- increased by6.54%
114
No dependency changes