ldap-escape
Template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks.
Uses the escape codes from Active Directory: Characters to Escape.
Installation
npm install --save ldap-escape
Specification
escapes for search filter
Character | Escape |
---|
* | \2A |
( | \28 |
) | \29 |
\ | \5C |
NUL | \00 |
escapes for distinguished names
Character | Escape |
---|
, | \, |
\ | \\ |
# | \# |
+ | \+ |
< | \< |
> | \> |
; | \; |
" | \" |
= | \= |
SPC (leading or trailing) | \ |
Template Literal Tag Functions
ldapEscape.filter
Escapes input for use as an LDAP filter.
ldapEscape.dn
Escapes input for use as an LDAP distinguished name.
Examples
Escape a Search Filter
"use strict";
const ldapEscape = require('ldap-escape');
const uid = 1337;
console.log(ldapEscape.filter`uid=${uid}`); // -> '(uid=1337)'
Escape a DN
"use strict";
const ldapEscape = require('ldap-escape');
const cn = 'alice';
console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'
Testing
npm test
License
See LICENSE.md