
sanitized

Comparing version 1.1.5 to 1.1.6

47

index.js
const DOMPurify = require("dompurify");
const { decode } = require("he");
const he = require("he");

@@ -7,10 +7,10 @@ let sanitizer = (dirty) => dirty;

if (DOMPurify.sanitize) {
sanitizer = (dirty, options) => decode(DOMPurify.sanitize(dirty, options));
sanitizer = (dirty, options) => he.decode(DOMPurify.sanitize(dirty, options));
} else {
try {
const { JSDOM } = require("jsdom");
const { window } = new JSDOM("<!DOCTYPE html>");
DOMPurifyWindow = DOMPurify(window);
const jsdom = require("jsdom");
const JSDOM = new jsdom.JSDOM("<!DOCTYPE html>");
const DOMPurifyWindow = DOMPurify(JSDOM.window);
sanitizer = (dirty, options) =>
decode(DOMPurifyWindow.sanitize(dirty, options));
he.decode(DOMPurifyWindow.sanitize(dirty, options));
} catch (error) {

@@ -21,30 +21,19 @@ console.error(error);

function sanitize(dirty, DOMPurifyOptions, callback) {
function sanitized(dirty, DOMPurifyOptions, errorHandler) {
try {
if (typeof dirty === "string")
return sanitizer(dirty, DOMPurifyOptions, callback);
let clone = JSON.parse(JSON.stringify(dirty));
if (dirty && dirty.constructor === Array) {
let clone = [].concat(dirty);
for (let i = 0; i < clone.length; i++) {
clone[i] = sanitize(clone[i], DOMPurifyOptions, callback);
}
return clone;
}
if (typeof clone === "string") clone = sanitizer(clone, DOMPurifyOptions);
if (dirty && dirty.constructor === Object) {
let clone = JSON.parse(JSON.stringify(dirty));
let cloneKeys = Object.keys(clone);
for (let i = 0; i < cloneKeys.length; i++) {
const cloneKey = cloneKeys[i];
clone[cloneKey] = sanitize(clone[cloneKey], DOMPurifyOptions, callback);
}
return clone;
}
if (clone instanceof Array)
for (let i = 0; i < clone.length; i++)
clone[i] = sanitized(clone[i], DOMPurifyOptions);
if (callback) callback(null, dirty);
if (clone instanceof Object)
for (cloneKey of Object.keys(clone))
clone[cloneKey] = sanitized(clone[cloneKey], DOMPurifyOptions);
return dirty;
return clone;
} catch (err) {
if (callback) callback(err);
if (errorHandler) errorHandler(err);

@@ -55,2 +44,2 @@ return dirty;

module.exports = sanitize;
module.exports = sanitized;
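Review bot: In the new body of `sanitized` (second hunk), `for (cloneKey of Object.keys(clone))` declares no binding, so `cloneKey` becomes an implicit global in sloppy mode and a ReferenceError under strict mode; it should read `for (const cloneKey of Object.keys(clone))`. The preceding `if (clone instanceof Object)` is also true for arrays, so every array element goes through `sanitized` twice, once in the `instanceof Array` loop and again in the key loop, which doubles the work and, since each pass is sanitize-then-`he.decode`, can yield a different result from a single pass; `else if (clone instanceof Object)` keeps one traversal per value. The recursive calls drop `errorHandler`, so a failure inside a nested value is caught by the inner frame's catch instead of reaching the caller's handler; passing it through as `sanitized(clone[i], DOMPurifyOptions, errorHandler)` (and likewise in the key loop) keeps the error reported at the top level. The function continues past the catch outside the hunk, so what the error path returns for a nested failure is not visible here.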
{
"name": "sanitized",
"version": "1.1.5",
"description": "Recursive function that'll sanitize a string or ALL strings in an object or array.",
"version": "1.1.6",
"description": "Recursive function that'll sanitize a string or ALL strings in a json input.",
"main": "index.js",

@@ -25,6 +25,6 @@ "scripts": {

"dependencies": {
"dompurify": "^2.3.3",
"dompurify": "^2.3.6",
"he": "^1.2.0",
"jsdom": "^17.0.0"
"jsdom": "^19.0.0"
}
}
# sanitized
sanitized() is a recursive function that'll sanitize a string or ALL strings in an object or array. It's great for sanitizing form data before it gets submitted to the back-end (re: protection against XSS attacks).
sanitized() is a recursive function that'll sanitize a string or ALL strings in a json input. It's great for sanitizing form data before it gets submitted to the back-end (re: protection against XSS attacks).

@@ -21,9 +21,9 @@ It accepts two params the first being the value to sanitize, and the second being options to pass to [DOMPurify](https://www.npmjs.com/package/dompurify).

const test = [
"<svg><g/onload=alert(2)//<p>",
{
name1: [
'<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
{ name2: "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def" },
],
},
"<svg><g/onload=alert(2)//<p>",
{
name1: [
'<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
{ name2: "<p>abc<iframe//src=jAva&Tab;script:alert(3)>def" },
],
},
];

@@ -30,0 +30,0 @@
