micromark-util-sanitize-uri
micromark utility to sanitize urls
Last updated 4 years ago by wooorm .
MIT · Repository · Bugs · Original npm 
$ cnpm install micromark-util-sanitize-uri
SYNC missed versions from official npm registry.

micromark-util-sanitize-uri

Build Coverage Downloads Size Sponsors Backers Chat

micromark utility to sanitize urls.

Contents

Install

npm:

npm install micromark-util-sanitize-uri

Use

import {sanitizeUri} from 'micromark-util-sanitize-uri'

sanitizeUri('https://example.com/a&b') // 'https://example.com/a&b'
sanitizeUri('https://example.com/a%b') // 'https://example.com/a%25b'
sanitizeUri('https://example.com/a%20b') // 'https://example.com/a%20b'
sanitizeUri('https://example.com/????') // 'https://example.com/%F0%9F%91%8D'
sanitizeUri('https://example.com/', /^https?$/i) // 'https://example.com/'
sanitizeUri('javascript:alert(1)', /^https?$/i) // ''
sanitizeUri('./example.jpg', /^https?$/i) // './example.jpg'
sanitizeUri('#a', /^https?$/i) // '#a'

API

This module exports the following identifiers: sanitizeUri. There is no default export.

sanitizeUri(url[, pattern])

Make a value safe for injection as a URL.

This encodes unsafe characters with percent-encoding and skips already encoded sequences (see normalizeUri internally). Further unsafe characters are encoded as character references (see micromark-util-encode).

A regex of allowed protocols can be given, in which case the URL is sanitized. For example, /^(https?|ircs?|mailto|xmpp)$/i can be used for a[href], or /^https?$/i for img[src] (this is what github.com allows). If the URL includes an unknown protocol (one not matched by protocol, such as a dangerous example, javascript:), the value is ignored.

Parameters
  • url (string) — URI to sanitize.
  • pattern (RegExp, optional) — Allowed protocols.
Returns

string — Sanitized URI.

Security

See security.md in micromark/.github for how to submit a security report.

Contribute

See contributing.md in micromark/.github for ways to get started. See support.md for ways to get help.

This project has a code of conduct. By interacting with this repository, organisation, or community you agree to abide by its terms.

License

MIT © Titus Wormer

Current Tags

  • 1.1.0                                ...           latest (3 years ago)

3 Versions

  • 1.1.0                                ...           3 years ago
  • 1.0.0-beta.1                                ...           4 years ago
  • 1.0.0                                ...           4 years ago
Maintainers (1)
npm:wooorm
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 0
Dependencies (3)
Dev Dependencies (0)
None
Dependents (0)
None

Copyright 2013 - present © cnpmjs.org