Template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks. Uses the escape codes from Active Directory: Characters to Escape.

Installation

npm install --save ldap-escape

Specification

escapes for search filter

Character	Escape
`*`	`\2A`
`(`	`\28`
`)`	`\29`
`\`	`\5C`
`NUL`	`\00`

escapes for distinguished names

Character	Escape
`,`	`\,`
`\`	`\\`
`#`	`\#`
`+`	`\+`
`<`	`\<`
`>`	`\>`
`;`	`\;`
`"`	`\"`
`=`	`\=`
`SPC` (leading or trailing)	`\`

Template Literal Tag Functions

ldapEscape.filter

Escapes input for use as an LDAP filter.

ldapEscape.dn

Escapes input for use as an LDAP distinguished name.

Examples

Escape a Search Filter

"use strict";

const ldapEscape = require('ldap-escape');

const uid = 1337;

console.log(ldapEscape.filter`uid=${uid}`); // -> 'uid=1337'

Escape a DN

"use strict";

const ldapEscape = require('ldap-escape');

const cn = 'alice';

console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'

Testing

npm test

License

See LICENSE.md

Keywords

FAQs

What is ldap-escape?

Is ldap-escape popular?

Is ldap-escape well maintained?

Last updated on 13 Apr 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

ldap-escape