
Conversation

@bnidev (Owner) commented Jul 7, 2025

This PR introduces three new utility functions in the sanitize category to enhance data safety and validation:

  • sanitizeHtml: Cleans HTML strings by allowing only a configurable whitelist of tags and attributes, helping prevent XSS attacks when rendering user-generated content.
  • sanitizeJson: Parses JSON strings safely with optional runtime validation, returning null on invalid input instead of throwing, improving robustness in JSON handling.
  • sanitizeUrl: Validates and sanitizes URLs to allow only safe protocols by default (http, https), preventing potentially dangerous URL schemes and ensuring safer URL usage.

@bnidev bnidev requested a review from Copilot July 7, 2025 19:05
Copilot AI left a comment

Pull Request Overview

This PR introduces three new sanitization utilities to enhance data safety: sanitizing URLs, JSON strings, and HTML content, along with their corresponding tests and exports.

  • Added sanitizeUrl to validate URL syntax and protocol, with normalization.
  • Added sanitizeJson to safely parse JSON with optional runtime validation.
  • Added sanitizeHtml to strip disallowed HTML tags/attributes and prevent XSS.
  • Updated exports and added tests for all three utilities.

Reviewed Changes

Copilot reviewed 11 out of 11 changed files in this pull request and generated 1 comment.

Summary per file:

  • src/sanitize/sanitizeUrl.ts: Implements URL sanitization with protocol allowlist and normalization
  • src/sanitize/sanitizeJson.ts: Implements safe JSON parsing with optional type-guard validation
  • src/sanitize/sanitizeHtml.ts: Implements HTML sanitization by whitelisting tags and attributes
  • src/sanitize/index.ts: Exports all sanitize utilities
  • src/sanitize/tests/sanitizeUrl.test.ts: Tests for URL sanitization behavior
  • src/sanitize/tests/sanitizeJson.test.ts: Tests for JSON sanitization and validation
  • src/sanitize/tests/sanitizeHtml.test.ts: Tests for HTML sanitization scenarios
  • src/index.ts: Adds sanitize category export
  • .changeset/*.md: Adds changelogs for the new sanitize utilities

Comments suppressed due to low confidence (1)

src/sanitize/sanitizeUrl.ts:50

  • Consider adding a test to verify that FTP URLs are accepted and normalized by default, for example: expect(sanitizeUrl('ftp://example.com').success).toBe(true).
  const { allowedProtocols = ['http:', 'https:', 'ftp:'], normalize = true } =

@bnidev bnidev merged commit 3b15f92 into main Jul 7, 2025
9 checks passed
@bnidev bnidev deleted the feat/sanitize-utils branch July 7, 2025 19:09