micromark-util-sanitize-uri
micromark utility to sanitize URLs.
Install
This package is ESM only. In Node.js (version 12.20+, 14.14+, 16.0+, 18.0+), install with npm:
npm install micromark-util-sanitize-uri
In Deno with esm.sh:
import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1'
In browsers with esm.sh:
<script type="module">
import {sanitizeUri} from 'https://esm.sh/micromark-util-sanitize-uri@1?bundle'
</script>
Use
import {sanitizeUri} from 'micromark-util-sanitize-uri'
sanitizeUri('https://example.com/a&b') // 'https://example.com/a&amp;b'
sanitizeUri('https://example.com/a%b') // 'https://example.com/a%25b'
sanitizeUri('https://example.com/a%20b') // 'https://example.com/a%20b'
sanitizeUri('https://example.com/👍') // 'https://example.com/%F0%9F%91%8D'
sanitizeUri('https://example.com/', /^https?$/i) // 'https://example.com/'
sanitizeUri('javascript:alert(1)', /^https?$/i) // ''
sanitizeUri('./example.jpg', /^https?$/i) // './example.jpg'
sanitizeUri('#a', /^https?$/i) // '#a'
API
This module exports the following identifiers: sanitizeUri.
There is no default export.
sanitizeUri(url[, pattern])
Make a value safe for injection as a URL.
This encodes unsafe characters with percent-encoding and skips already encoded sequences (see normalizeUri internally).
Further unsafe characters are encoded as character references (see micromark-util-encode).
A regex of allowed protocols can be given, in which case the URL is sanitized.
For example, /^(https?|ircs?|mailto|xmpp)$/i can be used for a[href], or /^https?$/i for img[src] (this is what github.com allows).
If the URL includes an unknown protocol (one not matched by pattern, such as a dangerous example, javascript:), the value is ignored.
Parameters
- url (string) — URI to sanitize.
- pattern (RegExp, optional) — Allowed protocols.
Returns
string — Sanitized URI.
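The three steps described for sanitizeUri above (percent-encode, encode as character references, check the protocol against the allow-list), as an added sketch that is not the package's own source. The names sketchNormalize, sketchSanitize, SAFE and REFS are hypothetical, and the exact set of characters treated as safe is an assumption made for this sketch.

```javascript
// Added sketch, not the package's source. sketchNormalize, sketchSanitize,
// SAFE and REFS are hypothetical names; the SAFE set is an assumption.
const SAFE = /^[!#$&-;=?-Z_a-z~]$/u
const REFS = {'"': '&quot;', '&': '&amp;', '<': '&lt;', '>': '&gt;'}

// Percent-encode every character outside SAFE, leaving %XX sequences alone.
function sketchNormalize(url) {
  let out = ''
  let i = 0
  while (i < url.length) {
    const cp = url.codePointAt(i)
    const ch = String.fromCodePoint(cp)
    if (ch === '%' && /^[0-9A-Fa-f]{2}$/.test(url.slice(i + 1, i + 3))) {
      out += url.slice(i, i + 3) // already encoded: copy as is
      i += 3
      continue
    }
    if (SAFE.test(ch)) out += ch
    else if (cp >= 0xd800 && cp <= 0xdfff) out += '%EF%BF%BD' // lone surrogate
    else out += encodeURIComponent(ch)
    i += ch.length
  }
  return out
}

function sketchSanitize(url, pattern) {
  // Remaining HTML-significant characters become character references.
  const value = sketchNormalize(url || '').replace(/["&<>]/g, (c) => REFS[c])
  if (!pattern) return value
  const colon = value.indexOf(':')
  const stop = value.search(/[/?#]/)
  // No colon, or a colon after `/`, `?` or `#`: relative, so no protocol.
  if (colon < 0 || (stop > -1 && colon > stop)) return value
  // Otherwise the text before the first colon must match the allow-list.
  return pattern.test(value.slice(0, colon)) ? value : ''
}

// Constructed sample inputs.
for (const input of ['JavaScript:alert(1)', 'docs/a:b', 'mailto:a@example.com']) {
  console.log(JSON.stringify(input), '->', JSON.stringify(sketchSanitize(input, /^https?$/i)))
}
```

The allow-list is tested only against the text before the first colon, so a pattern without the ^ and $ anchors would also accept any protocol that merely contains an allowed name.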
normalizeUri(url[, pattern])
Normalize a URL (such as used in definitions).
Encode unsafe characters with percent-encoding, skipping already encoded sequences.
Parameters
- url (string) — URI to normalize.
Returns
string — Normalized URI.
Security
See security.md in micromark/.github for how to submit a security report.
Contribute
See contributing.md in micromark/.github for ways to get started.
See support.md for ways to get help.
This project has a code of conduct. By interacting with this repository, organisation, or community you agree to abide by its terms.