Skip to content
/ ldap-escape Public

Escape functions for LDAP filters and distinguished names to prevent LDAP injection attacks.

License

ISC license
10 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tcort/ldap-escape

BranchesTags

Repository files navigation

ldap-escape

Template literal tag functions for LDAP filters and distinguished names to prevent LDAP injection attacks. Uses the escape codes from Active Directory: Characters to Escape.

Installation

npm install --save ldap-escape

Specification

escapes for search filter

Character Escape
* \2A
( \28
) \29
\ \5C
NUL \00

escapes for distinguished names

Character Escape
, \,
\ \\
# \#
+ \+
< \<
> \>
; \;
" \"
= \=
SPC (leading or trailing) \

Template Literal Tag Functions

ldapEscape.filter

Escapes input for use as an LDAP filter.

ldapEscape.dn

Escapes input for use as an LDAP distinguished name.

Examples

Escape a Search Filter

"use strict";

const ldapEscape = require('ldap-escape');

const uid = 1337;

console.log(ldapEscape.filter`uid=${uid}`); // -> 'uid=1337'

Escape a DN

"use strict";

const ldapEscape = require('ldap-escape');

const cn = 'alice';

console.log(ldapEscape.dn`cn=${cn},dc=test`); // -> 'cn=alice,dc=test'

Testing

npm test

License

See LICENSE.md

About

Escape functions for LDAP filters and distinguished names to prevent LDAP injection attacks.

Topics

ldap escape

Resources

Readme

License

ISC license
Activity

Stars

10 stars

Watchers

2 watching

Forks

1 fork
Report repository

Releases

15 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages