micromark-util-sanitize-uri

micromark utility to sanitize urls

Downloads in past

Stats

StarsIssuesVersionUpdatedCreatedSize
micromark-util-sanitize-uri
2.0.09 months ago3 years agoMinified + gzip package size for micromark-util-sanitize-uri in KB

Readme

micromark-util-sanitize-uri
!Buildbuild-badgebuild !Coveragecoverage-badgecoverage !Downloadsdownloads-badgedownloads !Sizebundle-size-badgebundle-size !Sponsorssponsors-badgeopencollective !Backersbackers-badgeopencollective !Chatchat-badgechat
micromark utility to sanitize urls.

Contents

*   [`normalizeUri(value)`](#normalizeurivalue)
*   [`sanitizeUri(url[, pattern])`](#sanitizeuriurl-pattern)

What is this?

This package exposes an algorithm to make URLs safe.

When should I use this?

This package might be useful when you are making your own micromark extensions.

Install

This package is ESM onlyesm. In Node.js (version 16+), install with npm:
npm install micromark-util-sanitize-uri

In Deno with esm.shesmsh:
import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1'

In browsers with esm.shesmsh:
<script type="module">
  import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1?bundle'
</script>

Use

import {sanitizeUri} from 'micromark-util-sanitize-uri'

sanitizeUri('https://example.com/a&b') // 'https://example.com/a&amp;b'
sanitizeUri('https://example.com/a%b') // 'https://example.com/a%25b'
sanitizeUri('https://example.com/a%20b') // 'https://example.com/a%20b'
sanitizeUri('https://example.com/👍') // 'https://example.com/%F0%9F%91%8D'
sanitizeUri('https://example.com/', /^https?$/i) // 'https://example.com/'
sanitizeUri('javascript:alert(1)', /^https?$/i) // ''
sanitizeUri('./example.jpg', /^https?$/i) // './example.jpg'
sanitizeUri('#a', /^https?$/i) // '#a'

API

This module exports the identifiers normalizeUriapi-normalize-uri and sanitizeUriapi-sanitize-uri. There is no default export.

normalizeUri(value)

Normalize a URL.
Encode unsafe characters with percent-encoding, skipping already encoded sequences.
Parameters
  • value (string)
— URI to normalize
Returns
Normalized URI (string).

sanitizeUri(url[, pattern])

Make a value safe for injection as a URL.
This encodes unsafe characters with percent-encoding and skips already encoded sequences (see normalizeUriapi-normalize-uri). Further unsafe characters are encoded as character references (see micromark-util-encodemicromark-util-encode).
A regex of allowed protocols can be given, in which case the URL is sanitized. For example, /^(https?|ircs?|mailto|xmpp)$/i can be used for a[href], or /^https?$/i for img[src] (this is what github.com allows). If the URL includes an unknown protocol (one not matched by protocol, such as a dangerous example, javascript:), the value is ignored.
Parameters
  • url (string)
— URI to sanitize
  • pattern (RegExp, optional)
— allowed protocols
Returns
Sanitized URI (string).

Types

This package is fully typed with TypeScript. It exports no additional types.

Compatibility

Projects maintained by the unified collective are compatible with maintained versions of Node.js.
When we cut a new major release, we drop support for unmaintained versions of Node. This means we try to keep the current release line, micromark-util-sanitize-uri@^2, compatible with Node.js 16. This package works with micromark@^3.

Security

This package is safe. See security.mdsecuritymd in micromark/.githubhealth for how to submit a security report.

Contribute

See contributing.mdcontributing in micromark/.githubhealth for ways to get started. See support.mdsupport for ways to get help.
This project has a code of conductcoc. By interacting with this repository, organisation, or community you agree to abide by its terms.

License

MITlicense © Titus Wormerauthor