micromark-util-sanitize-uri
![Chat](https://img.shields.io/badge/chat-discussions-success.svg)
micromark utility to sanitize urls.
Contents
Install
This package is ESM only.
In Node.js (version 12.20+, 14.14+, 16.0+, 18.0+), install with npm:
npm install micromark-util-sanitize-uri
In Deno with esm.sh
:
import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1'
In browsers with esm.sh
:
<script type="module">
import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1?bundle'
</script>
Use
import {sanitizeUri} from 'micromark-util-sanitize-uri'
sanitizeUri('https://example.com/a&b')
sanitizeUri('https://example.com/a%b')
sanitizeUri('https://example.com/a%20b')
sanitizeUri('https://example.com/👍')
sanitizeUri('https://example.com/', /^https?$/i)
sanitizeUri('javascript:alert(1)', /^https?$/i)
sanitizeUri('./example.jpg', /^https?$/i)
sanitizeUri('#a', /^https?$/i)
API
This module exports the following identifiers: sanitizeUri
.
There is no default export.
sanitizeUri(url[, pattern])
Make a value safe for injection as a URL.
This encodes unsafe characters with percent-encoding and skips already
encoded sequences (see normalizeUri
internally).
Further unsafe characters are encoded as character references (see
micromark-util-encode
).
A regex of allowed protocols can be given, in which case the URL is sanitized.
For example, /^(https?|ircs?|mailto|xmpp)$/i
can be used for a[href]
, or
/^https?$/i
for img[src]
(this is what github.com
allows).
If the URL includes an unknown protocol (one not matched by protocol
, such
as a dangerous example, javascript:
), the value is ignored.
Parameters
url
(string
) — URI to sanitize.pattern
(RegExp
, optional) — Allowed protocols.
Returns
string
— Sanitized URI.
normalizeUri(url[, pattern])
Normalize a URL (such as used in definitions).
Encode unsafe characters with percent-encoding, skipping already encoded
sequences.
Parameters
url
(string
) — URI to normalize.
Returns
string
— Normalized URI.
Security
See security.md
in micromark/.github
for how to
submit a security report.
Contribute
See contributing.md
in micromark/.github
for ways
to get started.
See support.md
for ways to get help.
This project has a code of conduct.
By interacting with this repository, organisation, or community you agree to
abide by its terms.
License
MIT © Titus Wormer