url-sanitizer
Advanced tools
URL sanitizer for Node.js (>=18), browsers and web sites. Experimental
npm i url-sanitizer
For browsers and web sites, standalone ESM builds are available in dist/ directory.
Or, download them from Releases.
import urlSanitizer, {
isURI, isURISync, sanitizeURL, sanitizeURLSync
} from 'url-sanitizer';
Sanitize the given URL.
data and file schemes must be explicitly allowed.url string URL input.opt object Options.opt.allow Array<string> Array of allowed schemes, e.g. ['data'].opt.deny Array<string> Array of denied schemes, e.g. ['web+foo'].Returns Promise<string?> Sanitized URL, nullable.
const res1 = await sanitizeURL('http://example.com/?<script>alert(1);</script>')
.then(res => decodeURIComponent(res));
// -> 'http://example.com/?<script>alert(1);</script>'
const res2 = await sanitizeURL('data:text/html,<script>alert(1);</script>', {
allow: ['data']
}).then(res => decodeURIComponent(res));
// -> 'data:text/html,<script>alert(1);</script>'
// Can parse and sanitize base64 encoded data
const base64data3 = btoa('<script>alert(1);</script>');
const res3 = await sanitizeURL(`data:text/html;base64,${base64data3}`, {
allow: ['data']
}).then(res => decodeURIComponent(res));
// -> 'data:text/html,<script>alert(1);</script>'
const res4 = await sanitizeURL('web+foo://example.com', {
deny: ['web+foo']
});
// -> null
Synchronous version of the sanitizeURL().
Determines whether the given URI is valid.
uri string URI input.Returns Promise<boolean> Result.
true for web+* and ext+* schemes.const res1 = await isURI('https://example.com/foo');
// -> true
const res2 = await isURI('mailto:foo@example.com');
// -> true
const res3 = await isURI('foo:bar');
// -> false
const res4 = await isURI('web+foo:bar');
// -> true
Synchronous version of the isURI().
Instance of the sanitizer.
Get an array of URI schemes registered at iana.org.
moz-extension scheme added.Returns Array<string> Array of registered URI schemes.
const schemes = urlSanitizer.get();
// -> ['aaa', 'aaas', 'about', 'acap', 'acct', ...];
Check if the given scheme is registered.
scheme string Scheme.Returns boolean Result.
const res1 = urlSanitizer.has('https');
// -> true
const res2 = urlSanitizer.has('foo');
// -> false
Add a scheme to the list of URI schemes.
javascript and vbscript schemes can not be registered. It throws.scheme string Scheme.Returns Array<string> Array of registered URI schemes.
console.log(isURISync('foo'));
// -> false;
const res = urlSanitizer.add('foo');
// -> ['aaa', 'aaas', 'about', 'acap', ... 'foo', ...];
console.log(isURISync('foo'));
// -> true;
Remove a scheme from the list of URI schemes.
scheme string Scheme.Returns boolean Result.
true if the scheme is successfully removed, false otherwise.console.log(isURISync('aaa'));
// -> true;
const res1 = urlSanitizer.remove('aaa');
// -> true
console.log(isURISync('aaa'));
// -> false;
const res2 = urlSanitizer.remove('foo');
// -> false
FAQs
URL sanitizer for Node.js, browsers and web sites.
The npm package url-sanitizer receives a total of 0 weekly downloads. As such, url-sanitizer popularity was classified as not popular.
We found that url-sanitizer demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
require(esm) backported to Node.js 20, easing the transition to ESM-only packages and reducing complexity for developers as Node 18 nears end-of-life.
Security News
PyPI now supports iOS and Android wheels, making it easier for Python developers to distribute mobile packages.
Security News
Create React App is officially deprecated due to React 19 issues and lack of maintenance—developers should switch to Vite or other modern alternatives.