micromark-util-sanitize-uri
!Buildbuild-badgebuild
!Coveragecoverage-badgecoverage
!Downloadsdownloads-badgedownloads
!Sizebundle-size-badgebundle-size
!Sponsorssponsors-badgeopencollective
!Backersbackers-badgeopencollective
!Chatchat-badgechatmicromark utility to sanitize urls.
Contents
* [`normalizeUri(value)`](#normalizeurivalue)
* [`sanitizeUri(url[, pattern])`](#sanitizeuriurl-pattern)
What is this?
This package exposes an algorithm to make URLs safe.When should I use this?
This package might be useful when you are making your own micromark extensions.Install
This package is ESM onlyesm. In Node.js (version 16+), install with npm:npm install micromark-util-sanitize-uri
In Deno with
esm.sh
esmsh:import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1'
In browsers with
esm.sh
esmsh:<script type="module">
import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1?bundle'
</script>
Use
import {sanitizeUri} from 'micromark-util-sanitize-uri'
sanitizeUri('https://example.com/a&b') // 'https://example.com/a&b'
sanitizeUri('https://example.com/a%b') // 'https://example.com/a%25b'
sanitizeUri('https://example.com/a%20b') // 'https://example.com/a%20b'
sanitizeUri('https://example.com/👍') // 'https://example.com/%F0%9F%91%8D'
sanitizeUri('https://example.com/', /^https?$/i) // 'https://example.com/'
sanitizeUri('javascript:alert(1)', /^https?$/i) // ''
sanitizeUri('./example.jpg', /^https?$/i) // './example.jpg'
sanitizeUri('#a', /^https?$/i) // '#a'
API
This module exports the identifiersnormalizeUri
api-normalize-uri and
sanitizeUri
api-sanitize-uri.
There is no default export.normalizeUri(value)
Normalize a URL.Encode unsafe characters with percent-encoding, skipping already encoded sequences.
Parameters
value
(string
)
— URI to normalize
Returns
Normalized URI (string
).sanitizeUri(url[, pattern])
Make a value safe for injection as a URL.This encodes unsafe characters with percent-encoding and skips already encoded sequences (see
normalizeUri
api-normalize-uri).
Further unsafe characters are encoded as character references (see
micromark-util-encode
micromark-util-encode).A regex of allowed protocols can be given, in which case the URL is sanitized. For example,
/^(https?|ircs?|mailto|xmpp)$/i
can be used for a[href]
, or
/^https?$/i
for img[src]
(this is what github.com
allows).
If the URL includes an unknown protocol (one not matched by protocol
, such
as a dangerous example, javascript:
), the value is ignored.Parameters
url
(string
)
— URI to sanitize
pattern
(RegExp
, optional)
— allowed protocols
Returns
Sanitized URI (string
).Types
This package is fully typed with TypeScript. It exports no additional types.Compatibility
Projects maintained by the unified collective are compatible with maintained versions of Node.js.When we cut a new major release, we drop support for unmaintained versions of Node. This means we try to keep the current release line,
micromark-util-sanitize-uri@^2
, compatible with Node.js 16.
This package works with micromark@^3
.Security
This package is safe. Seesecurity.md
securitymd in micromark/.github
health for how to
submit a security report.Contribute
Seecontributing.md
contributing in micromark/.github
health for ways
to get started.
See support.md
support for ways to get help.This project has a code of conductcoc. By interacting with this repository, organisation, or community you agree to abide by its terms.