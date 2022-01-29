micromark utility to sanitize urls.

Contents

Install

npm:

npm install micromark-util-sanitize-uri

Use

import {sanitizeUri} from 'micromark-util-sanitize-uri' sanitizeUri( 'https://example.com/a&b' ) sanitizeUri( 'https://example.com/a%b' ) sanitizeUri( 'https://example.com/a%20b' ) sanitizeUri( 'https://example.com/👍' ) sanitizeUri( 'https://example.com/' , /^https?$/i) sanitizeUri( 'javascript:alert(1)' , /^https?$/i) sanitizeUri( './example.jpg' , /^https?$/i) sanitizeUri( '#a' , /^https?$/i)

API

This module exports the following identifiers: sanitizeUri . There is no default export.

Make a value safe for injection as a URL.

This encodes unsafe characters with percent-encoding and skips already encoded sequences (see normalizeUri internally). Further unsafe characters are encoded as character references (see micromark-util-encode ).

A regex of allowed protocols can be given, in which case the URL is sanitized. For example, /^(https?|ircs?|mailto|xmpp)$/i can be used for a[href] , or /^https?$/i for img[src] (this is what github.com allows). If the URL includes an unknown protocol (one not matched by protocol , such as a dangerous example, javascript: ), the value is ignored.

Parameters

url ( string ) — URI to sanitize.

( ) — URI to sanitize. pattern ( RegExp , optional) — Allowed protocols.

Returns

string — Sanitized URI.

