Skip to content

Instantly share code, notes, and snippets.

@davecra

davecra/sanitizeString.js

Created September 8, 2023 03:16
Show Gist options
  • Save davecra/2665c05a2dd9ffc8dcfb5fd2484b289c to your computer and use it in GitHub Desktop.
Save davecra/2665c05a2dd9ffc8dcfb5fd2484b289c to your computer and use it in GitHub Desktop.
Download ZIP
HTML Sanitizer
Raw
sanitizeString.js
/**
* Sanitizes the string for possible malicious values
* @param {String} string
* @returns {String}
*/
static sanitizeString = (string) => {
try {
string = string.replace(/(javascript:|onerror)/gi, "");
string = string.replace(/undefined/gi, "");
string = string.replace(/<script/gi, "&lt;script");
string = string.replace(/<iframe/gi, "&lt;iframe");
string = string.replace(/<object/gi, "&lt;object");
string = string.replace(/<embed/gi, "&lt;embed");
string = string.replace(/<applet/gi, "&lt;applet");
string = string.replace(/<form/gi, "&lt;form");
string = string.replace(/<meta/gi, "&lt;meta");
string = string.replace(/<link/gi, "&lt;link");
string = string.replace(/<a\s/gi, "&lt;a ");
string = string.replace(/<img\s/gi, "&lt;img ");
string = string.replace(/="/gi, "&#x3D;&#39;");
string = string.replace(/='/gi, "&#x3D;&#39;");
string = string.replace(/=`/gi, "&#x3D;&#x60;");
string = string.replace(/\/>/gi, "&#x2F;&gt;");
return string;
} catch (e) {
return `[[SANITIZED STRING MALFORMED: ${e}]]`;
}
};
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment