@robinpath/sanitize
Version 0.1.1 | Node.js | Public
Sanitize
Input sanitization utilities for security: HTML escaping, XSS prevention, SQL escaping, filename and path sanitization, URL cleaning, and more
Package: @robinpath/sanitize | Category: Utility | Type: Utility
Authentication
No authentication required. All functions are available immediately.
Use Cases
Use the sanitize module when you need to:
- Strip or escape HTML tags from input -- use sanitize.html
- Remove XSS attack vectors from input -- use sanitize.xss
- Escape SQL special characters to prevent injection -- use sanitize.sql
- Escape special regex characters in a string -- use sanitize.regex
- Sanitize a string for safe use as a filename -- use sanitize.filename
Quick Reference
| Function | Description | Returns |
|---|---|---|
| html | Strip or escape HTML tags from input | object |
| xss | Remove XSS attack vectors from input | object |
| sql | Escape SQL special characters to prevent injection | object |
| regex | Escape special regex characters in a string | object |
| filename | Sanitize a string for safe use as a filename | object |
| path | Prevent path traversal attacks by sanitizing a file path | object |
| url | Sanitize a URL, stripping dangerous protocols like javascript: | object |
| email | Normalize an email address (lowercase, remove dots/plus aliases for Gmail) | object |
| stripTags | Remove all HTML tags from a string, optionally allowing specific tags | object |
| escapeHtml | Escape HTML special characters: & < > " ' | object |
| unescapeHtml | Unescape HTML entities back to their original characters | object |
| trim | Deep trim all string values within an object, array, or string | object |
| truncate | Truncate a string to a maximum length with a suffix | object |
| alphanumeric | Strip all non-alphanumeric characters from a string | object |
| slug | Sanitize a string into a URL-safe slug | object |
Functions
html
Strip or escape HTML tags from input
Module: sanitize | Returns: object -- API response.
sanitize.html
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to sanitize |
| mode | string | No | Mode: 'escape' (default) or 'strip' |
xss
Remove XSS attack vectors from input
Module: sanitize | Returns: object -- API response.
sanitize.xss
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to sanitize |
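The html and xss entries above describe what to do, not how escaping and stripping differ in practice. The following is an added example written by the editor in plain JavaScript; it is not the @robinpath/sanitize implementation, and the sanitizeHtml(input, mode) signature, the function names and the payload string are all assumptions made for illustration. It shows the two modes, and why a deny-list filter that only removes known-bad tags (the usual shape of an "XSS filter") is weaker than either: deleting one tag can glue the surrounding text into a new one.

```javascript
// Added example by the editor, not the @robinpath/sanitize implementation.
// Shows 'escape' and 'strip' modes in plain JavaScript, and a deny-list
// filter bypass. Function names and signatures are assumed for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// 'escape' mode: every character with HTML meaning becomes an entity, so the
// browser renders the input as text. This covers HTML text and double-quoted
// attribute values; JavaScript, CSS and URL contexts need their own encoders.
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// A deny-list filter: remove <script> tags in a single pass. Bypassable, because
// deleting the inner tag glues the surrounding text into a new one.
function removeScriptTagsNaive(input) {
  return String(input).replace(/<\/?script[^>]*>/gi, '');
}

// 'strip' mode done carefully: remove all tags until the string stops changing,
// then escape what survives so no stray '<' or '>' can form markup downstream.
function stripAllTags(input) {
  let prev;
  let cur = String(input);
  do {
    prev = cur;
    cur = cur.replace(/<[^>]*>/g, '');
  } while (cur !== prev);
  return escapeHtml(cur);
}

// Mirrors the page's html(input, mode) shape; the signature is an assumption.
function sanitizeHtml(input, mode = 'escape') {
  if (mode === 'escape') return escapeHtml(input);
  if (mode === 'strip') return stripAllTags(input);
  throw new Error(`unknown mode: ${mode}`);
}

// Constructed payload: removing the inner <script> yields '<script>alert(1)</script>'.
const NESTED_PAYLOAD = '<scr<script>ipt>alert(1)</scr</script>ipt>';
```

Escaping keeps the data intact and is the right default when the value is rendered as text; stripping destroys data and needs the loop shown above, because a single pass over a nested payload leaves a working tag behind. Whatever sanitize.xss removes, treat it as defence in depth behind context-specific output encoding, not as a replacement for it.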
sql
Escape SQL special characters to prevent injection
Module: sanitize | Returns: object -- API response.
sanitize.sql
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to escape |
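Escaping only helps when the value lands inside a quoted string literal. The following added example is the editor's own JavaScript, not the package's sql implementation; it follows MySQL's backslash conventions (other databases double the quote instead, and MySQL itself ignores backslashes under NO_BACKSLASH_ESCAPES), and the query strings and the constructed inputs are assumptions for illustration. It shows the one context where escaping closes the injection, the numeric context where it does nothing, and what a parameterised query sends instead.

```javascript
// Added example by the editor, not the package's sql implementation.
// MySQL-style string escaping, with the contexts where it does and does not help.

const SQL_ESCAPES = {
  '\0': '\\0', '\b': '\\b', '\t': '\\t', '\n': '\\n', '\r': '\\r',
  '\x1a': '\\Z', '"': '\\"', "'": "\\'", '\\': '\\\\',
};

// Escape the characters MySQL treats specially inside a string literal.
function escapeSql(input) {
  return String(input).replace(/[\0\b\t\n\r\x1a"'\\]/g, (ch) => SQL_ESCAPES[ch]);
}

// Case 1: the value sits inside single quotes, so escaping the quote keeps the
// attacker's text inside the literal.
function buildQuotedQuery(username) {
  return `SELECT * FROM users WHERE name = '${escapeSql(username)}'`;
}

// Case 2: numeric context with no quotes. '1 OR 1=1' contains nothing to escape,
// so the escaper passes it straight through and the injection works.
function buildNumericQueryUnsafe(id) {
  return `SELECT * FROM users WHERE id = ${escapeSql(id)}`;
}

// Case 2 hardened: the fix is type validation, not escaping.
function buildNumericQuerySafe(id) {
  if (!Number.isSafeInteger(id)) throw new TypeError('id must be an integer');
  return `SELECT * FROM users WHERE id = ${id}`;
}

// Case 3: what a parameterised query sends. SQL and data travel separately,
// so no escaping rules need to be right (assumed driver shape: sql + params).
function buildParameterised(username) {
  return { sql: 'SELECT * FROM users WHERE name = ?', params: [username] };
}
```

Escaping is also charset-sensitive: with a multibyte connection charset such as GBK, a byte sequence can swallow the inserted backslash. Parameterised queries sidestep all of that; keep sanitize.sql for the rare legacy path that cannot use them.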
regex
Escape special regex characters in a string
Module: sanitize | Returns: object -- API response.
sanitize.regex
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to escape |
filename
Sanitize a string for safe use as a filename
Module: sanitize | Returns: object -- API response.
sanitize.filename
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The filename to sanitize |
| replacement | string | No | Replacement character for invalid chars (default: '_') |
path
Prevent path traversal attacks by sanitizing a file path
Module: sanitize | Returns: object -- API response.
sanitize.path
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The path to sanitize |
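The filename and path functions address two different risks: a filename must not carry separators, control characters or names the OS reserves, while a path must not climb out of the directory it is joined to. The following added example is the editor's own JavaScript and not the package's code for either function; the function names, the Windows reserved-name list, the base directory and the sample inputs are assumptions for illustration. The path guard normalises '..' segments itself and then checks that the result is still under the base directory, so it runs with no Node modules.

```javascript
// Added example by the editor, not the package's filename/path implementation.
// A filename sanitiser and a path-traversal guard with a containment check.

const WINDOWS_RESERVED = /^(con|prn|aux|nul|com[1-9]|lpt[1-9])(\..*)?$/i;

function sanitizeFilename(input, replacement = '_') {
  let name = String(input)
    .replace(/[\x00-\x1f\x7f]/g, '')           // control chars, including NUL (truncation trick)
    .replace(/[\/\\:*?"<>|]/g, replacement)   // separators and Windows-illegal characters
    .replace(/^\.+/, '')                       // no '.', '..' or hidden files
    .replace(/[. ]+$/, '');                    // Windows silently drops trailing dots/spaces
  if (name === '' || WINDOWS_RESERVED.test(name)) name = replacement + name;
  return name.slice(0, 255);
}

// Normalise a relative path: drop '.' and empty segments, resolve '..', treat
// backslashes as separators. Returns null if the path tries to climb above its
// root or contains NUL. Percent-encoding is NOT decoded here: decode exactly once
// before calling this, never after, or '..%2f' becomes a bypass.
function normaliseRelative(input) {
  const s = String(input).replace(/\\/g, '/');
  if (s.includes('\0')) return null;
  const out = [];
  for (const seg of s.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (out.length === 0) return null;  // would escape the root
      out.pop();
      continue;
    }
    out.push(seg);
  }
  return out.join('/');
}

// Join a user path under baseDir and prove the result stays inside it.
function resolveInside(baseDir, userPath) {
  const rel = normaliseRelative(userPath);
  if (rel === null) return null;
  const base = String(baseDir).replace(/\/+$/, '');
  const full = rel === '' ? base : `${base}/${rel}`;
  // Defence in depth: a prefix check that cannot confuse '/srv/up' with '/srv/uploads'.
  return full === base || full.startsWith(`${base}/`) ? full : null;
}
```

A leading slash is treated as relative to the base rather than as an absolute path, which is what a download endpoint usually wants. Symlinks inside the base directory can still point outside it; if that matters, open the file and check the real path (realpath) against the base as a second step.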
url
Sanitize a URL, stripping dangerous protocols like javascript:
Module: sanitize | Returns: object -- API response.
sanitize.url
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The URL to sanitize |
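Pattern-matching the string 'javascript:' misses the case, whitespace and tab tricks that browsers tolerate, so the robust approach is to parse with the platform URL parser and allow-list the scheme. The following added example is the editor's JavaScript, not the package's url implementation; the allowed-scheme set, the function names and the base URL https://example.com/ are assumptions for illustration. It also shows the gap scheme filtering leaves open: a protocol-relative URL is a perfectly valid https link to someone else's host.

```javascript
// Added example by the editor, not the package's url implementation.
// Scheme allow-listing via the WHATWG URL parser, plus a same-origin variant.

const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);

// Returns a normalised absolute URL, or null if it must not be used as an href.
// Relative inputs resolve against baseUrl (assumed to be supplied by the caller).
// The parser strips leading/trailing whitespace and embedded tabs/newlines and
// lower-cases the scheme, so ' JaVaScRiPt:' and 'java\tscript:' are caught.
function sanitizeUrl(input, baseUrl = 'https://example.com/') {
  let parsed;
  try {
    parsed = new URL(String(input), baseUrl);
  } catch (e) {
    return null;  // unparseable input is treated as hostile
  }
  return ALLOWED_SCHEMES.has(parsed.protocol) ? parsed.href : null;
}

// Stricter variant for redirect targets: the scheme check alone lets
// '//evil.example/x' through as https, so compare origins as well.
function sanitizeSameOriginUrl(input, baseUrl = 'https://example.com/') {
  const href = sanitizeUrl(input, baseUrl);
  if (href === null) return null;
  return new URL(href).origin === new URL(baseUrl).origin ? href : null;
}
```

Use sanitizeUrl for user-supplied links that may legitimately point anywhere, and the same-origin variant wherever the URL decides where the application sends the user next (login return paths, post-action redirects).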
email
Normalize an email address (lowercase, remove dots/plus aliases for Gmail)
Module: sanitize | Returns: object -- API response.
sanitize.email
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The email to normalize |
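The point of normalising is to recognise one mailbox behind many spellings, so that signup limits and bans cannot be sidestepped with 'j.doe+1@gmail.com', 'jdoe+2@gmail.com' and so on. The following added example is the editor's own JavaScript, not the package's email implementation; the Gmail domain list and the sameMailbox helper are assumptions for illustration. Dots and plus-suffixes are only collapsed for Gmail, because for other providers they can denote distinct mailboxes and collapsing them would merge different users.

```javascript
// Added example by the editor, not the package's email implementation.
// Lower-cases every address; collapses dots and '+alias' for Gmail only.

const GMAIL_DOMAINS = new Set(['gmail.com', 'googlemail.com']);  // assumed list

function normalizeEmail(input) {
  const s = String(input).trim().toLowerCase();
  const at = s.lastIndexOf('@');
  if (at < 1 || at === s.length - 1) return null;   // no local part or no domain
  let local = s.slice(0, at);
  let domain = s.slice(at + 1);
  if (GMAIL_DOMAINS.has(domain)) {
    local = local.split('+')[0].replace(/\./g, '');  // john.doe+promo -> johndoe
    domain = 'gmail.com';                             // googlemail.com is the same mailbox
  }
  return `${local}@${domain}`;
}

// Dedup check for rate limits and ban lists.
function sameMailbox(a, b) {
  const na = normalizeEmail(a);
  return na !== null && na === normalizeEmail(b);
}
```

Store the normalised form alongside the address as entered; send mail to the original and compare on the normalised one.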
stripTags
Remove all HTML tags from a string, optionally allowing specific tags
Module: sanitize | Returns: object -- API response.
sanitize.stripTags
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to strip tags from |
| allowed | string | No | Allowed tags, e.g. '<b><i><a>' |
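An allow-list of tag names says nothing about attributes, and attributes are where the payload lives: an allowed <b> can carry onmouseover, an allowed <a> can carry href="javascript:...". The following added example is the editor's JavaScript, not the package's stripTags implementation; it parses the '<b><i><a>' syntax from the parameter table, and the function names and sample markup are assumptions for illustration. It contrasts keeping allowed tags verbatim with rebuilding them bare.

```javascript
// Added example by the editor, not the package's stripTags implementation.
// Tag allow-listing with and without attributes.

// Parse the page's allowed-tag syntax: '<b><i><a>' -> Set {'b','i','a'}.
function parseAllowed(allowed = '') {
  const names = new Set();
  for (const m of String(allowed).matchAll(/<([a-z][a-z0-9]*)>/gi)) names.add(m[1].toLowerCase());
  return names;
}

// Matches an opening or closing tag and captures its name.
const TAG_RE = /<\/?([a-z][a-z0-9]*)\b[^>]*>/gi;

// Keep allowed tags exactly as written (attributes included), drop the rest.
function stripTags(input, allowed = '') {
  const keep = parseAllowed(allowed);
  return String(input).replace(TAG_RE, (tag, name) => (keep.has(name.toLowerCase()) ? tag : ''));
}

// Keep allowed tags but rebuild them bare, so event handlers and javascript:
// hrefs cannot ride along on a permitted tag.
function stripTagsDropAttributes(input, allowed = '') {
  const keep = parseAllowed(allowed);
  return String(input).replace(TAG_RE, (tag, name) => {
    const n = name.toLowerCase();
    if (!keep.has(n)) return '';
    return tag.startsWith('</') ? `</${n}>` : `<${n}>`;
  });
}
```

Two caveats. Stripping removes tags, not their text, so the body of a removed <script> survives as plain text. And regex tag matching is an approximation: a '>' inside an attribute value ends the match early. For user-supplied rich text, a parser-based sanitizer with an attribute allow-list (DOMPurify or similar) is the right tool; the attribute-dropping version above is the minimum if you keep a tag allow-list.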
escapeHtml
Escape HTML special characters: & < > " '
Module: sanitize | Returns: object -- API response.
sanitize.escapeHtml
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to escape |
unescapeHtml
Unescape HTML entities back to their original characters
Module: sanitize | Returns: object -- API response.
sanitize.unescapeHtml
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to unescape |
trim
Deep trim all string values within an object, array, or string
Module: sanitize | Returns: object -- API response.
sanitize.trim
| Parameter | Type | Required | Description |
|---|---|---|---|
| value | any | Yes | The value to deep-trim |
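A deep trim walks an object the client controls, and two things go wrong when that walk is careless: copying a JSON-supplied "__proto__" key onto a fresh object pollutes Object.prototype, and an attacker-chosen nesting depth exhausts the stack. The following added example is the editor's JavaScript, not the package's trim implementation; the depth limit and the function name are assumptions for illustration.

```javascript
// Added example by the editor, not the package's trim implementation.
// Recursive deep trim that rebuilds objects from their own keys and caps depth.

const MAX_DEPTH = 64;  // assumed limit; deeply nested JSON is a stack-exhaustion vector

function deepTrim(value, depth = 0) {
  if (depth > MAX_DEPTH) throw new RangeError('input nested too deeply');
  if (typeof value === 'string') return value.trim();
  if (Array.isArray(value)) return value.map((v) => deepTrim(v, depth + 1));
  if (value !== null && typeof value === 'object') {
    const out = {};
    // Object.entries lists own enumerable keys only, so inherited properties are
    // never copied. JSON.parse does produce '__proto__' as an OWN key, and
    // assigning out['__proto__'] would change the prototype, so skip it explicitly.
    for (const [k, v] of Object.entries(value)) {
      if (k === '__proto__') continue;
      out[k] = deepTrim(v, depth + 1);
    }
    return out;
  }
  return value;  // numbers, booleans, null and undefined pass through unchanged
}
```

The same two rules apply to any recursive walk over request bodies (deep merge, deep clone, schema coercion): never copy prototype keys, and bound the recursion.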
truncate
Truncate a string to a maximum length with a suffix
Module: sanitize | Returns: object -- API response.
sanitize.truncate
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to truncate |
| maxLength | number | No | Maximum length (default: 100) |
| suffix | string | No | Suffix to append when truncated (default: '...') |
alphanumeric
Strip all non-alphanumeric characters from a string
Module: sanitize | Returns: object -- API response.
sanitize.alphanumeric
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to sanitize |
| allowSpaces | boolean | No | Whether to allow spaces (default: false) |
slug
Sanitize a string into a URL-safe slug
Module: sanitize | Returns: object -- API response.
sanitize.slug
| Parameter | Type | Required | Description |
|---|---|---|---|
| input | string | Yes | The string to slugify |
| separator | string | No | Separator character (default: '-') |
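alphanumeric and slug are both character allow-lists, which is the safest shape for anything that ends up in a URL or a filename because nothing outside the list can survive. The difference is what happens to non-ASCII letters: a bare allow-list deletes 'é' outright, whereas a slug should keep the 'e'. The following added example is the editor's JavaScript, not the package's code for either function; the NFKD approach and the function signatures (mirroring the parameter tables) are assumptions for illustration.

```javascript
// Added example by the editor, not the package's alphanumeric/slug implementation.
// Two character allow-lists; the slug one decomposes accented letters first.

function alphanumeric(input, allowSpaces = false) {
  return String(input).replace(allowSpaces ? /[^a-z0-9 ]/gi : /[^a-z0-9]/gi, '');
}

function slug(input, separator = '-') {
  return String(input)
    .normalize('NFKD')                 // 'é' -> 'e' + U+0301; also 'ﬁ' -> 'fi', full-width digits -> ASCII
    .replace(/[\u0300-\u036f]/g, '')   // drop the combining marks
    .toLowerCase()
    .split(/[^a-z0-9]+/)               // runs of anything else are separators
    .filter(Boolean)                   // no leading, trailing or doubled separators
    .join(separator);
}
```

Because the list is ASCII-only, scripts with no Latin decomposition (CJK, Cyrillic, Arabic) produce an empty slug; a caller that needs those must transliterate first or fall back to an ID. The allow-list also makes '..' and '/' impossible in the output, which is why a slug is safe to use as a path segment where the raw title is not.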
Error Handling
All functions throw on failure. Common errors:
| Error | Cause |
|---|---|
| (standard errors) | A required parameter (usually input) is missing or has the wrong type; no authentication is involved |
Recipes
1. Multi-step Sanitize workflow
Run several sanitize operations on one untrusted value. Each escaper targets one output context (HTML, a DOM sink, a SQL string literal), so pick the one that matches where the value is written; applying them in sequence to the same string double-encodes it rather than making it safer.
```
@desc "Html, xss, and sql on one input"
do
  set $input as "<b>O'Reilly</b>"
  set $r_html as sanitize.html $input
  set $r_xss as sanitize.xss $input
  set $r_sql as sanitize.sql $input
  print "All operations complete"
enddo
```
2. Safe html with validation
Check results before proceeding. The null check catches an empty result; a failure inside the call throws instead of returning null, so it surfaces as an error rather than passing through this branch.
```
@desc "Html and validate result"
do
  set $result as sanitize.html "<script>alert(1)</script>"
  if $result != null
    print "Success: " + $result
  else
    print "Operation returned no data"
  end
enddo
```
Related Modules
- json -- JSON module for complementary functionality
Versions (1)
| Version | Tag | Published |
|---|---|---|
| 0.1.1 | latest | 1 month ago |
Related Modules
| Module | Version | Description |
|---|---|---|
| | @robinpath v0.1.4 | SMTP email sending and address parsing for RobinPath |
| hash | @robinpath v0.1.3 | Cryptographic hashing utilities: MD5, SHA family, HMAC, CRC32, file hashing, UUID v5 generation, secure random bytes, and content fingerprinting |
| csv | @robinpath v0.1.2 | Parse and stringify CSV data |
| apollo | @robinpath v0.1.2 | Apollo module for RobinPath. |
Install
```
$ robinpath add @robinpath/sanitize
```
