main
|
Last change
on this file was d24f17c, checked in by Aleksandar Panovski <apano77@…>, 15 months ago |
|
Initial commit
|
-
Property mode
set to
100644
|
|
File size:
1.3 KB
|
| Rev | Line | |
|---|
| [d24f17c] | 1 | # sanitize-url
|
|---|
| 2 |
|
|---|
| 3 | ## Installation
|
|---|
| 4 |
|
|---|
| 5 | ```sh
|
|---|
| 6 | npm install -S @braintree/sanitize-url
|
|---|
| 7 | ```
|
|---|
| 8 |
|
|---|
| 9 | ## Usage
|
|---|
| 10 |
|
|---|
| 11 | ```js
|
|---|
| 12 | var sanitizeUrl = require("@braintree/sanitize-url").sanitizeUrl;
|
|---|
| 13 |
|
|---|
| 14 | sanitizeUrl("https://example.com"); // 'https://example.com'
|
|---|
| 15 | sanitizeUrl("http://example.com"); // 'http://example.com'
|
|---|
| 16 | sanitizeUrl("www.example.com"); // 'www.example.com'
|
|---|
| 17 | sanitizeUrl("mailto:hello@example.com"); // 'mailto:hello@example.com'
|
|---|
| 18 | sanitizeUrl(
|
|---|
| 19 | "https://example.com"
|
|---|
| 20 | ); // https://example.com
|
|---|
| 21 |
|
|---|
| 22 | sanitizeUrl("javascript:alert(document.domain)"); // 'about:blank'
|
|---|
| 23 | sanitizeUrl("jAvasCrIPT:alert(document.domain)"); // 'about:blank'
|
|---|
| 24 | sanitizeUrl(decodeURIComponent("JaVaScRiP%0at:alert(document.domain)")); // 'about:blank'
|
|---|
| 25 | // HTML encoded javascript:alert('XSS')
|
|---|
| 26 | sanitizeUrl(
|
|---|
| 27 | "javascript:alert('XSS')"
|
|---|
| 28 | ); // 'about:blank'
|
|---|
| 29 | ```
|
|---|
| 30 |
|
|---|
| 31 | ## Testing
|
|---|
| 32 |
|
|---|
| 33 | This library uses [Vitest](https://vitest.dev/). All testing dependencies
|
|---|
| 34 | will be installed upon `npm install` and the test suite can be executed with
|
|---|
| 35 | `npm test`. Running the test suite will also run lint checks upon exiting.
|
|---|
| 36 |
|
|---|
| 37 | npm test
|
|---|
| 38 |
|
|---|
| 39 | To generate a coverage report, use `npm run coverage`.
|
|---|
Note:
See
TracBrowser
for help on using the repository browser.
