form-text-sanitizer is a super-fast string sanitizer checking for HTML, SVG, ERB, and Mustache Expressions that may be contained inside input text. It is intended to prevent XSS Attacks.

Usage

Installation:

npm i form-text-sanitizer

Import the checkAndSanitizeString function to your JavaScript file:

import checkAndSanitizeString from "form-text-sanitizer";

Input the string you wish to sanitize and (optionally) destructure the response:

const { originalString, suggestedString, matches } = checkAndSanitizeString("My message: <Script>alert('XSS')</SCRIPT>End message.");

In the above example the response will be:

  {
    originalString: "My message: <script>alert('XSS')</SCRIPT>End message.",
    suggestedString: "My message: End message.",
    matches: ["<script>alert('XSS')</SCRIPT>"]
  }

originalString - User input string

suggestedString - Sanitized string

matches - Array of string(s) that are potentially malicious. This can be empty if no such strings are detected. In this case, suggestedString and originalString will be the same.

Keywords

FAQs

What is form-text-sanitizer?

Is form-text-sanitizer popular?

Is form-text-sanitizer well maintained?

Package last updated on 05 Mar 2025

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install