joi-plus - npm Package Compare versions

Comparing version 1.1.1 to 1.1.2

index.js

 'use strict';
 
 const Joi = require('@hapi/joi');
+
 module.exports = Joi.extend(
@@ -5,0 +6,0 @@ require('./libraries/string'),

libraries/string.js

 'use strict';
-
 const alpha2 = require('../libraries/alpha-2');
 const alpha3 = require('../libraries/alpha-3');
 
+const clean = /^[^><\\\`{}]+$/;
+const escape = /^(?=.*[&"'<>`/\\]).*$/;
+const unescape = /&amp;|&gt;|&lt;|&quot;|&#36;|&#47;|&#92;|&#96;/;
+const alpha = /^[a-zA-Z]+$/;
+const numeric = /^[0-9]+$/;
 const base32 = /^[A-Z2-7]+=*$/;
-const numeric = /^[0-9]+$/;
-const password = /^.*[ -~]$/;
+const password = /^[ -~]+$/;
 
@@ -15,2 +18,6 @@ module.exports = (joi) => {
 		messages: {
+			'string.clean': '"{{#label}}" contains illegal characters: > < \\ ` } {',
+			'string.escape': '"{{#label}}" contains characters that need to escape: & > < " \' / \\ `',
+			'string.unescape': '"{{#label}}" contains HTML entities that need to unescape: &amp; | &gt; | &lt; | &quot; | &#36; | &#47; | &#92; | &#96;',
+			'string.alpha': '"{{#label}}" must only contain alphabetic characters',
 			'string.numeric': '"{{#label}}" must only contain numeric characters',
@@ -21,15 +28,81 @@ 'string.base32': '"{{#label}}" must be a valid base32 string',
 		},
+		coerce(value, helpers) {
+			if (helpers.schema.$_getRule('escape')) {
+				value = value.replace(/&/g, '&amp;')
+							.replace(/>/g, '&gt;')
+							.replace(/</g, '&lt;')
+							.replace(/"/g, '&quot;')
+							.replace(/'/g, '&#36;')
+							.replace(/\//g, '&#47;')
+							.replace(/\\/g, '&#92;')
+							.replace(/`/g, '&#96;');
+			}
+			if (helpers.schema.$_getRule('unescape')) {
+				value = value.replace(/&amp;/g, '&')
+							.replace(/&gt;/g, '>')
+							.replace(/&lt;/g, '<')
+							.replace(/&quot;/g, '"')
+							.replace(/&#36;/g, "'")
+							.replace(/&#47;/g, '/')
+							.replace(/&#92;/g, '\\')
+							.replace(/&#96;/g, '`');
+			}
+			return { value };
+		},
 		rules: {
+			clean: {
+				validate: (value, helpers, args, options) => {
+					if (clean.test(value)) {
+						return value;
+					}
+					return helpers.error('string.clean');
+				}
+			},
 			escape: {
+				convert: true,
+				method() {
+					return this.$_addRule('escape');
+				},
 				validate: (value, helpers, args, options) => {
-					return value.replace(/&/g, '&amp;')
-							.replace(/"/g, '&quot;')
-							.replace(/'/g, '&#x27;')
-							.replace(/</g, '&lt;')
-							.replace(/>/g, '&gt;')
-							.replace(/\//g, '&#x2F;')
-							.replace(/\\/g, '&#x5C;')
-							.replace(/`/g, '&#96;');
+					if (!escape.test(value)) {
+						return value;
+					}
+					return helpers.error('string.escape');
 				}
 			},
+			unescape: {
+				convert: true,
+				method() {
+					return this.$_addRule('unescape');
+				},
+				validate: (value, helpers, args, options) => {
+					if (!unescape.test(value)) {
+						return value;
+					}
+					return helpers.error('string.unescape');
+				}
+			},
+			sanitize: {
+				method(sanitizer) {
+					return this.$_addRule({ name: 'sanitize', args: { sanitizer } });
+				},
+				args: [
+					{
+						name: 'sanitizer',
+						assert: (value) => typeof value === 'function',
+						message: 'must be a function'
+					}
+				],
+				validate: (value, helpers, args, options) => {
+					return args.sanitizer(value);
+				}
+			},
+			alpha: {
+				validate: (value, helpers, args, options) => {
+					if (alpha.test(value)) {
+						return value;
+					}
+					return helpers.error('string.alpha');
+				}
+			},
 			numeric: {
@@ -36,0 +109,0 @@ validate: (value, helpers, args, options) => {

package.json

 {
 	"name": "joi-plus",
-	"version": "1.1.1",
+	"version": "1.1.2",
 	"description": "Joi with extra rules for string and array.",
@@ -16,12 +16,12 @@ "repository": "git://github.com/flamehamster/joi-plus",
 		"validation",
+		"escape",
+		"sanitize",
+		"alpha",
 		"numeric",
+		"base32",
 		"password",
-		"escape",
-		"sanitize",
 		"country",
 		"iso 3166",
-		"country code",
-		"match",
 		"array"
 	]
 }

README.md

@@ -9,23 +9,33 @@ # Joi-Plus
 * Joi.string().escape()
-	-- replace `<`, `>`, `&`, `'`, `"`, `/` and `\` with HTML entities.
+	* replace `&`, `>`, `<`, `"`, `'`, `\`, `/` and `` ` `` with HTML entities.
 
+* Joi.string().unescape()
+	* replace `&amp;` | `&gt;` | `&lt;` | `&quot;` | `&#36;` | `&#47;` | `&#92;` | `&#96;` HTML entities with characters.
+
+* Joi.string().sanitize(function)
+	* sanitize string using the function that takes a string as a parameter.
+	* returns sanitize string
+
+* Joi.string().alpha()
+	* Requires the string value to only contain alphabetic characters.
+
 * Joi.string().numeric()
-	-- Requires the string value to only contain 0-9.
+	* Requires the string value to only contain numeric characters.
 
 * Joi.string().base32()
-	-- Requires the value to be a valid base32 string.
+	* Requires the value to be a valid base32 string.
 
 * Joi.string().countryCode(type)
-	-- Requires the value to be a valid ISO `alpha-2` or ISO `alpha-3` country code.
+	* Requires the value to be a valid ISO `alpha-2` or ISO `alpha-3` country code.
 
 * Joi.string().password(rules)
-	-- Requires the string value to match rules.
+	* Requires the string value to match rules.
 
 * Joi.string().match(reference)
-	-- Requires the string value to match the reference.
-	-- Removed after validation.
+	* Requires the string value to match the reference.
+	* Removed after validation.
 
 * Joi.array().inList(list, [label])
-	-- Requires the value in array to match the list.
-	-- Overrides the key name for value in error messages.
+	* Requires the value in array to match the list.
+	* Overrides the key name for value in error messages.
 
@@ -67,2 +77,12 @@ ## Quick Start
 
+	username: Joi.string()
+		.min(2)
+		.max(20)
+		.alpha()
+		.required(),
+
+	base32_encoded: Joi.string()
+		.base32()
+		.required(),
+
 	country: Joi.string()
@@ -81,3 +101,3 @@ .countryCode('alpha-2')
 		.required()
-})
+});
 ```
@@ -96,3 +116,3 @@
 	* must contains at least one special character
-		* _space_ ! " # $ % & ' ( ) * + , - . : ; < = > ? @ [ \ ] ^ _ ` { | } ~ 
+		* _space_ ! " # $ % & ' ( ) * + , - . : ; < = > ? @ [ \ ] ^ _ \` { | } ~ 
 * `repeat_password`
@@ -102,2 +122,9 @@ * a required string
 	* will be removed after validation
+* `username`
+	* a required string
+	* at least 8 characters long but no more than 20
+	* must contain only alphabetic characters
+* `base32_encoded`
+	* a required string
+	* a valid base32 string
 * `country`
@@ -108,6 +135,39 @@ * a required string
 	* a required string
-	* at least 8 characters long but no more than 20
+	* at least 2 characters long but no more than 20
 	* must contain only numeric characters
 * `fav_animals`
 	* a required array
-	* must be one of [dog, cat, lion, tiger, elephant, hippo]
+	* must be one of [dog, cat, lion, tiger, elephant, hippo]
+
+#### Sanitize
+Using Joi.string().sanitize() with sanitization libraries such as [sanitize-html](https://www.npmjs.com/package/sanitize-html)
+
+```js
+const sanitizeHtml = require('sanitize-html');
+
+const schema = Joi.object({
+	escape: Joi.string()
+		.escape(),
+
+	unescape: Joi.string()
+		.unescape(),
+
+	sanitize: Joi.string()
+		.sanitize(sanitizeHtml)
+});
+
+let { error, value } = schema.validate({
+	escape: '<escape>',
+	unescape: '&lt;unescape&gt;',
+	sanitize: 'Hello,<script>evil()</script> I am Good.'
+});
+
+console.log(value);
+/*
+{
+	escape: '&lt;escape&gt;',
+	unescape: '<unescape>',
+	sanitize: 'Hello, I am Good.'
+}
+*/
+```

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

14075

increased by34.33%

Lines of code

268

increased by38.14%

Number of lines in readme file

167

increased by56.07%

No dependency changes