Not able to sanitize URL : http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E using bleach #14

Open
manankapoor88 opened this issue Oct 30, 2018 · 1 comment

Comments

@manankapoor88

Hi,

I am not able to sanitize an encoded URL, as seen below:

http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E.

We also have to sanitize it if the URL comes in as: http://localhost:3000/tv/<script>asd12569</script>

Can you please help with how this can be sanitized, as we are getting the URL in this form from the request itself.

@wusala01

You need to decode the URI. There are two globals for that in JS:

decodeURI
decodeURIComponent

see in action:

const {sanitize} = require('bleach');
const unsafe_uri = 'http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E';

// Decode the percent-encoding first so the sanitizer actually sees "<script>",
// then re-encode the cleaned string. decodeURI leaves reserved characters
// such as "/" and "?" encoded, and throws a URIError on malformed input
// (e.g. a stray "%ZZ"), so callers should be prepared to catch that.
const sanitizeUri = uri => {
  const decodedUri = decodeURI(uri);
  const sanitized = sanitize(decodedUri);
  return encodeURI(sanitized);
};

const safe_uri = sanitizeUri(unsafe_uri);

console.log(safe_uri);

or if you can or want to be more precise in what to sanitize:

const {sanitize} = require('bleach'),
  url = require("url");

const unsafe_uri = 'http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E';

// Sanitize one URL component (the path by default) rather than the whole string:
// parse, decode that component, run it through bleach, optionally re-encode it,
// and rebuild the URL. url.parse/url.format is Node's legacy URL API;
// decodeURIComponent throws a URIError on malformed percent-encoding.
const sanitizeUri = (uri, options = {
  component: "pathname",
  encode: "none"
}) => {
  const urlObject = url.parse(uri);
  let componentString = urlObject[options.component];
  // A missing component (e.g. no hash) is null; nothing to sanitize in that case.
  if (componentString == null) return uri;
  componentString = decodeURIComponent(componentString);
  componentString = sanitize(componentString);
  if (options.encode === "full") componentString = encodeURI(componentString);
  else if (options.encode === "component") componentString = encodeURIComponent(componentString);
  urlObject[options.component] = componentString;
  return url.format(urlObject);
};

const safe_uri = sanitizeUri(unsafe_uri, {
  component: "pathname",
  encode: "full"
});

console.log(safe_uri);
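The two snippets above decode exactly once and assume the percent-encoding is well formed. The following is an added example, not code from this issue or from the bleach project, that covers the two cases a practitioner would want handled: double-encoded input such as %253Cscript%253E, which a single decode turns into %3Cscript%3E and which becomes a live tag at the next decoding layer, and malformed sequences such as %ZZ, which decodeURIComponent rejects with a URIError. It parses with the WHATWG URL class (which also percent-encodes a raw <script> in the path, so both forms from the issue reach the same code), decodes the whole pathname repeatedly up to a bound, sanitizes it, and re-encodes it. stripTags is a hypothetical stand-in for bleach's sanitize(); the real sanitizer is not part of this example.

```javascript
// Added example; not code from the issue or the bleach project.

// Hypothetical stand-in for bleach's sanitize(): drop anything that looks like an
// HTML tag. A real deployment would call the library here instead.
const stripTags = (text) => text.replace(/<[^>]*>/g, '');

// Percent-decode until the string stops changing, so double-encoded input such as
// "%253Cscript%253E" ends up as "<script>" rather than "%3Cscript%3E". The round
// limit bounds the work on adversarial input. decodeURIComponent throws URIError
// on malformed sequences such as "%ZZ"; that is reported to the caller instead
// of silently passing the bytes through.
function fullyDecode(value, maxRounds = 3) {
  let current = value;
  for (let round = 0; round < maxRounds; round++) {
    let next;
    try {
      next = decodeURIComponent(current);
    } catch (err) {
      if (err instanceof URIError) return { value: current, malformed: true };
      throw err;
    }
    if (next === current) return { value: current, malformed: false };
    current = next;
  }
  return { value: current, malformed: false };
}

// Parse with the WHATWG URL class, decode the whole pathname, sanitize it, and put
// the re-encoded result back. Returns null when the input is not a valid URL or the
// path contains malformed percent-encoding, so a caller cannot forward it unchanged.
function sanitizeUrlPath(input, sanitizer = stripTags) {
  let parsed;
  try {
    parsed = new URL(input); // throws TypeError on an invalid URL
  } catch (err) {
    return null;
  }
  const { value, malformed } = fullyDecode(parsed.pathname);
  if (malformed) return null;
  // encodeURI keeps "/" intact so the path structure survives; any "<" or ">" the
  // sanitizer left behind is re-encoded rather than emitted raw.
  parsed.pathname = encodeURI(sanitizer(value));
  return parsed.href;
}

// Constructed sample inputs: the two forms from the issue, a double-encoded
// variant, and one with malformed percent-encoding.
const samples = [
  'http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E',
  'http://localhost:3000/tv/<script>asd12569</script>',
  'http://localhost:3000/tv/%253Cscript%253Ealert(1)%253C/script%253E',
  'http://localhost:3000/tv/%ZZscript',
];

for (const sample of samples) {
  console.log(sample, '=>', sanitizeUrlPath(sample));
}
```

Whether to decode repeatedly depends on the consumer: decode as many times as the downstream component will, no more, otherwise a literal "%25" in a legitimate path is mangled. Rejecting malformed encoding outright is the conservative choice; the snippets above would instead throw from inside sanitizeUri.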
