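// https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html
//
// Default HTML entity-encoding rules (the OWASP "HTML entity encode" set).
// `&` MUST stay first: every later replacement emits an entity that itself
// contains `&`, and encode() applies the rules in order, so encoding `&`
// after the others would double-encode the output. decode() walks the same
// list in reverse so that `&amp;` is resolved last and an encoded literal
// entity (e.g. `&amp;lt;`) is not decoded twice.
const RULES = [
  { char: "&", value: "&amp;" },
  { char: "<", value: "&lt;" },
  { char: ">", value: "&gt;" },
  { char: '"', value: "&quot;" },
  { char: "'", value: "&#x27;" },
  { char: "/", value: "&#x2F;" },
  { char: "`", value: "&#x60;" },
  //{ char: "$", value: "&#x24;" } npm test fails with this enabled... Why?!
  // Answer: `$` is a regex anchor. Compiled unescaped with `new RegExp("$")`
  // it matches end-of-input, so the entity was appended to every string
  // instead of replacing the `$` character. Rule characters are now escaped
  // before compilation, so the rule can be enabled without that effect; it
  // stays disabled here to keep the existing output unchanged.
];

/**
 * Escape every regex metacharacter in `text` so it can be passed to
 * `new RegExp` and match `text` verbatim.
 *
 * @param {String} text Literal text to match
 *
 * @returns {String} Regex source that matches `text` literally
 */
function escapeRegExp(text) {
  return String(text).replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

/**
 * @function encode
 * HTML-entity encode a string for insertion into HTML element content or a
 * quoted HTML attribute, then trim surrounding whitespace.
 *
 * This is output encoding for the HTML context only; it does not make data
 * safe for JavaScript, URL or CSS contexts (see the OWASP cheat sheet above
 * for the context-specific rules).
 *
 * @param {String} str String to encode
 * @param {Array} rules Additional `{ char, value }` rules applied after RULES.
 *   `char` is matched literally (regex metacharacters are escaped) and
 *   case-insensitively; `value` is inserted verbatim, so `$` sequences in it
 *   are not interpreted as replacement patterns.
 *
 * @returns {String} Returns the encoded string
 *
 * @example
 * ```js
 * const { encode } = require(".../helper/sanitize");
 *
 * encode("<harmful> ../../etc/passwd string"); // &lt;harmful&gt; ..&#x2F;..&#x2F;etc&#x2F;passwd string
 * ```
 */
function encode(str, rules = []) {
  return [...RULES, ...rules]
    .reduce((acc, rule) => {
      const pattern = new RegExp(escapeRegExp(rule.char), "gi");
      // Function replacer: the value is inserted as-is, never as a `$` pattern.
      return acc.replace(pattern, () => rule.value);
    }, str)
    .trim();
}

/**
 * @function decode
 * Reverse encode(): replace each rule's entity with its character, then
 * trim surrounding whitespace.
 *
 * Rules are applied in reverse order (additional `rules` first, `&amp;`
 * last) so that decode(encode(s)) returns s even when s already contains
 * entity-like text.
 *
 * @param {String} str Input string
 * @param {Array} rules Additional `{ char, value }` rules to apply; `value`
 *   is matched literally and case-insensitively
 *
 * @returns {String} Returns the decoded string
 *
 * @example
 * ```js
 * const { decode } = require(".../helper/sanitize");
 *
 * decode("&gt; Hello World &lt;"); // > Hello World <
 * ```
 */
function decode(str, rules = []) {
  return [...RULES, ...rules]
    .reduceRight((acc, rule) => {
      const pattern = new RegExp(escapeRegExp(rule.value), "gi");
      return acc.replace(pattern, () => rule.char);
    }, str)
    .trim();
}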
// Public surface: the two transforms plus the default rule table (CommonJS).
module.exports = { encode, decode, RULES };