bleach
Not able to sanitize URL : http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E using bleach
Hi,
I am not able to sanitize a percent-encoded URL such as the one below:
http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E.
We are also able to sanitize the URL when it arrives as: http://localhost:3000/tv/
Can you please help with how this can be sanitized? The URL already arrives in this encoded form in the request itself.
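You need to decode the URI before sanitizing it. There are two globals for that in JS: `decodeURI` and `decodeURIComponent`. `decodeURI` leaves the escapes of reserved delimiters (for example `%2F` or `%3F`) in place, while `decodeURIComponent` decodes every escape; both throw a `URIError` on malformed percent-encoding.
See it in action: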
const {sanitize} = require('bleach');
// Sample input: the path carries percent-encoded markup (%3C is "<", %3E is ">").
const unsafe_uri = "http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E";
/**
 * Decode a percent-encoded URI, pass the decoded text through bleach's
 * `sanitize`, and percent-encode the result again.
 *
 * Limits a caller should know about:
 * - Exactly one layer of percent-encoding is removed. A doubly encoded
 *   sequence (for example `%253C`) is still encoded when `sanitize` sees it,
 *   so code further down must not decode the returned value a second time.
 * - `decodeURI` keeps the escapes of reserved delimiters such as `%2F`,
 *   `%3F` and `%23`; only the other escapes are turned back into characters.
 * - Nothing here checks the URL scheme, and the result still needs
 *   context-appropriate escaping wherever it is written into HTML.
 *
 * @param {string} uri - Percent-encoded URI taken from the request.
 * @returns {string} The sanitized URI, re-encoded with `encodeURI`.
 * @throws {URIError} If `uri` contains malformed percent-encoding.
 */
const sanitizeUri = (uri) => {
  // Decode first so the sanitizer sees real "<" and ">" instead of %3C / %3E.
  const cleaned = sanitize(decodeURI(uri));
  return encodeURI(cleaned);
};
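// Run the sample through the helper and print the sanitized, re-encoded URI.
// `const` replaces `var`: the binding is never reassigned.
// The printed value still needs context-appropriate escaping wherever it is
// later written into HTML.
const safe_uri = sanitizeUri(unsafe_uri);
console.log(safe_uri);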
Or, if you can or want to be more precise about what to sanitize:
const {sanitize} = require('bleach'),
url = require("url");
// Sample input: the path carries percent-encoded markup (%3C is "<", %3E is ">").
const unsafe_uri = "http://localhost:3000/tv/%3Cscript%3Easd12569%3C/script%3E";
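/**
 * Sanitize one component of a URL and rebuild the URL around it.
 *
 * The URL is split with the legacy `url.parse()`, the chosen component is
 * decoded with `decodeURIComponent`, passed through bleach's `sanitize`,
 * optionally re-encoded, written back, and the URL is reassembled with
 * `url.format()`.
 *
 * Changes from the earlier version of this helper:
 * - Each option has its own default, so passing only `{ encode: "full" }`
 *   still sanitizes `pathname`. Before, a partial options object replaced the
 *   whole default and the URL came back unsanitized.
 * - A component that is absent from the URL (for example `hash` when there is
 *   no fragment) is left alone. Before, `null` was coerced to the text "null"
 *   and written into the URL.
 *
 * Limits a caller should know about:
 * - Only one layer of percent-encoding is removed; do not decode the result
 *   again further down.
 * - `url.format()` does not read keys such as `path` or `href`, so choosing
 *   one of them as `component` leaves the output unsanitized. Use `pathname`,
 *   `search` or `hash`.
 * - With `encode: "none"` the sanitized component is returned decoded; with
 *   `encode: "component"` every "/" in it is escaped as well, which changes
 *   the shape of a pathname.
 * - Nothing here checks the URL scheme, and the result still needs
 *   context-appropriate escaping wherever it is written into HTML.
 *
 * @param {string} uri - URL taken from the request.
 * @param {object} [options]
 * @param {string} [options.component="pathname"] - Key of the parsed URL to sanitize.
 * @param {string} [options.encode="none"] - "none", "full" (`encodeURI`) or
 *   "component" (`encodeURIComponent`).
 * @returns {string} The rebuilt URL.
 * @throws {URIError} If the chosen component contains malformed percent-encoding.
 */
const sanitizeUri = (uri, { component = "pathname", encode = "none" } = {}) => {
  const urlObject = url.parse(uri);
  const rawValue = urlObject[component];

  // url.parse() reports a missing component as null; there is nothing to
  // sanitize in that case, so return the URL as parsed.
  if (typeof rawValue !== "string") {
    return url.format(urlObject);
  }

  // Decode first so the sanitizer sees real "<" and ">" instead of %3C / %3E.
  let componentString = sanitize(decodeURIComponent(rawValue));

  if (encode === "full") {
    componentString = encodeURI(componentString);
  } else if (encode === "component") {
    componentString = encodeURIComponent(componentString);
  }

  urlObject[component] = componentString;
  return url.format(urlObject);
};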
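// Sanitize only the path and percent-encode it again before printing.
// `const` replaces `var`: the binding is never reassigned.
// The printed value still needs context-appropriate escaping wherever it is
// later written into HTML.
const safe_uri = sanitizeUri(unsafe_uri, {
  component: "pathname",
  encode: "full",
});
console.log(safe_uri);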