How to use sanitizer - 10 common examples

To help you get started, we’ve selected a few sanitizer examples, based on popular ways it is used in public projects.


github GreenInfo-Network / caliparks.org / contexts / search.js
return pg.connect(env.require('DATABASE_URL'), function(err, client, done) {
    var callback = function() {
      done();
      return _callback.apply(null, arguments);
    };

    if (data.limit) {
      dbLimit = ' LIMIT ' + data.limit;
    }

    searchQuery = data.query || data._query.q;

    if (searchQuery) {
      dbQuery = sanitizer.sanitize(searchQuery.toLowerCase()).split('+').join(' ') || sanitizer.sanitize(dbQuery);
    }

    buildQuery(dbQuery, data, function(err, fullQuery) {

      if (err) {
        return callback(err);
      }

      return client.query(fullQuery, function(err, result) {
        if(err) {
          console.error('error running query', err);
          return callback(err);
        }

        //
        // Format activity data
github GreenInfo-Network / caliparks.org / contexts / search.js
') AS score',
  ].join('\n');

  var scoreOrderBy = 'score DESC,';

  //
  // Decide which kind of search this is
  //

  if (data._query.with && data._query.with.length && data._query.near && data._query.near.length) { //Has amenities & near filter

    // With
    //
    // Split activities into an array
    //
    queryArray = sanitizer.sanitize(data._query.with).split('+');

    //
    // Limit the amount of activities which can be passed in
    //
    queryArray.length = Math.min(queryArray.length, 20);

    //
    // Build column aliases for JSON select
    //
    activitiesColumnSQLslug = queryArray.map(function(activity) {
      return "activities->'"+activity+"' as "+activity;
    }).join(',');

    //
    // Build where statement for JSON select
    //
github nrocco / bookmarks / index.js
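/**
 * Reduce an HTML fragment to plain text.
 *
 * @param {string} html - untrusted HTML markup
 * @returns {string} the text content with all tags removed, runs of blank
 *   lines collapsed to one newline, and surrounding whitespace trimmed. The
 *   result is not entity-decoded here, so any escaped text the sanitizer
 *   emits (e.g. `&amp;`) stays escaped.
 */
function stripHTML(html) {
    // First pass through Caja's sanitizer. The URI policy returns every URI
    // unchanged; that is acceptable only because every remaining tag is
    // stripped below, so no href/src from the input ever reaches an HTML
    // context.
    var clean = sanitizer.sanitize(html, function (str) {
        return str;
    });

    // Remove all remaining HTML tags. `[\s\S]` matches across every line
    // terminator, whereas the previous `(?:.|\n)` did not match a bare `\r`
    // (or U+2028/U+2029) inside a tag and left such a tag in place. The lazy
    // quantifier stops each match at the first '>'.
    clean = clean.replace(/<[\s\S]*?>/g, "");

    // Collapse two or more line breaks (any line-ending style, with any
    // whitespace between them) into a single newline. The former `i` and `m`
    // flags had no effect: the pattern contains no letters and no anchors.
    // See: http://stackoverflow.com/questions/816085/removing-redundant-line-breaks-with-regular-expressions
    clean = clean.replace(/(?:(?:\r\n|\r|\n)\s*){2,}/g, "\n");

    return clean.trim();
}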
github 3rd-Eden / renderme / index.js
render(data, options, function rendered(err, html) {
    if (!html && data.readme) {
      html = data.readme;
    }

    //
    // Just ignore the error, it was a 404, the README file on github could not
    // be located.
    //
    if (err && err.statusCode === 404) err = null;

    //
    // Make sure we return a clean output.
    //
    fn(err, sanitizer.sanitize(html || '', url.bind(null, options.github)));
  });
}
github senchalabs / jsduck / comments / lib / formatter.js
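/**
 * Render a comment body from Markdown to sanitized HTML.
 *
 * @param {string} content - untrusted Markdown (or plain text) from a user
 * @returns {string} sanitized HTML with `&apos;` rewritten to `&#39;`
 */
format: function(content) {
    var markdowned;
    // Best-effort Markdown rendering: if marked() throws, fall back to the
    // raw content so the comment is still shown (it is still sanitized below).
    try {
        markdowned = marked(content);
    } catch(e) {
        markdowned = content;
    }

    // Strip dangerous markup, but allow links to all URL-s. The identity URI
    // policy keeps every href/src exactly as written; if the sanitizer hands
    // non-http schemes to the policy they are kept too, so any scheme
    // restriction has to happen elsewhere.
    var sanitized_output = sanitizer.sanitize(markdowned, function(str) {
        return str;
    });

    // IE does not support the &apos; entity, so emit the numeric form.
    // NOTE(review): the two entity names on the next line are reconstructed:
    // the page this snippet was copied from rendered them as bare quotes,
    // which left an unterminated string literal. Confirm against the
    // upstream file.
    return sanitized_output.replace(/&apos;/g, '&#39;');
}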
};
github senchalabs / jsduck / opt / comments-server-side / util.js
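/**
 * Render a comment body from Markdown to sanitized HTML.
 *
 * @param {string} content - untrusted Markdown (or plain text) from a user
 * @returns {string} sanitized HTML with `&apos;` rewritten to `&#39;`
 */
exports.markdown = function(content) {
    var markdowned;
    // Best-effort Markdown rendering: if marked() throws, fall back to the
    // raw content so the comment is still shown (it is still sanitized below).
    try {
        markdowned = marked(content);
    } catch(e) {
        markdowned = content;
    }

    // Strip dangerous markup, but allow links to all URL-s. The identity URI
    // policy keeps every href/src exactly as written; if the sanitizer hands
    // non-http schemes to the policy they are kept too, so any scheme
    // restriction has to happen elsewhere.
    var sanitized_output = sanitizer.sanitize(markdowned, function(str) {
        return str;
    });

    // IE does not support the &apos; entity, so emit the numeric form.
    // NOTE(review): the two entity names on the next line are reconstructed:
    // the page this snippet was copied from rendered them as bare quotes,
    // which left an unterminated string literal. Confirm against the
    // upstream file.
    return sanitized_output.replace(/&apos;/g, '&#39;');
};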
github cliftonc / calipso / modules / core / content / content.js
var text = c.get(options.property) || req.t("Invalid content property: {property}", {property:options.property});
        if (options.clickEdit && req.session && req.session.user && req.session.user.isAdmin) {
          text = "<div id="&quot; + c._id + &quot;" class="content-block" title="&quot; + req.t(&quot;Double click to edit content block ...&quot;) + &quot;">" +
            text + "</div>";
        }
        // Don't sanitize the content of the actual post.
        text = sanitizer.sanitize(text, function uri_policy(uri) { return uri; });
        next(null, text);

      } else {
        // Sanitize strings
        var prop;
        for (var prop in c) {
          if (typeof c[prop] === 'string') {
            c[prop] = sanitizer.sanitize(c[prop], function uri_policy(uri) { return uri; });
          }
        }

        // Just return the object
        next(null, c);
      }

    }

  });
github netinstructions / 100-days-of-angular2 / server / routes / api.js
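/**
 * POST /post-message: store a short, HTML-sanitized "message of the moment".
 *
 * Responds with `{message}` on success, or `{error, length}` when the
 * message is missing, empty, not a string, or 500 characters or longer.
 */
router.post('/post-message', function(req, res, next) {
  // Untrusted client input; `req.body` is absent when no body parser ran.
  var unsafeMessage = req.body ? req.body.message : undefined;

  // Accept only non-empty strings shorter than 500 characters. Checking the
  // type rather than truthiness keeps arrays/objects from a JSON body out of
  // sanitize() and out of the length comparison.
  if (typeof unsafeMessage === 'string' && unsafeMessage.length > 0 && unsafeMessage.length < 500) {
    var sanitizedMessage = sanitizer.sanitize(unsafeMessage);
    // JSON.stringify keeps each log entry on one line: a raw message with
    // embedded newlines could otherwise forge extra log records.
    console.log('New message of the moment (unsafe): ' + JSON.stringify(unsafeMessage));
    console.log('New message of the moment (clean) : ' + JSON.stringify(sanitizedMessage));
    messageOfTheMoment = sanitizedMessage;
    res.json({'message': sanitizedMessage});
  } else {
    // The previous version read `req.body.message.length` here, which threw
    // a TypeError (unhandled in this callback) whenever the field was absent.
    res.json({
      'error': 'message not set',
      'length': unsafeMessage == null ? 0 : unsafeMessage.length
    });
  }
});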
github birdlab / trigger / src / node / trigger / sockets.js
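// 'addtag': an authenticated socket submits a tag name (`data.s`); the
// sanitized name is stored via db.addTag() and the stored record is emitted
// back to the same socket as `tags`.
socket.on('addtag', function (data) {
	// Only authenticated sockets may add tags.
	if (!socket.user) {
		return;
	}
	// `data` comes from the client: guard against a missing or non-object
	// payload (`data.s` used to throw on null) and accept only non-empty
	// strings, so nothing but text reaches san.sanitize() and the database.
	if (!data || typeof data.s !== 'string' || data.s.length === 0) {
		return;
	}
	data.s = san.sanitize(data.s);
	db.addTag(data.s, function (dbdata) {
		if (!dbdata.error) {
			// Echo the sanitized name back alongside the stored record.
			dbdata.n = data.s;
			var userdata = {t: [dbdata]};
			socket.emit('tags', userdata);
		}
	});
});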
github birdlab / trigger / src / node / trigger / channel.js
}
                        sockets.sendAddTrack({'chid': ch.id, 'track': packTrackData(track)});
                    } else {
                        track.addtime = track.date;
                        var user = main.user(track.submiter);
                        if (user) {
                            if (user.time &gt; track.time || ch.chat.users.length &lt; 11 || ch.id != 1 || ch.playlist.length &lt; 11) {
                                ch.playlist.push(track);
                                track.channel = ch.id;
                                track.unlim = 0;
                                if ((ch.chat.users.length &lt; 10 || ch.playlist.length &lt; 21) &amp;&amp; ch.id == 1) {
                                    track.unlim = 1;
                                }
                                track.artist = san.sanitize(track.artist);
                                track.title = san.sanitize(track.title);
                                track.info = san.sanitize(track.info);
                                track.artist = track.artist.replace('&amp;', '&amp;');
                                track.title = track.title.replace('&amp;', '&amp;');
                                track.addtime = new Date(Date.now() + 10800000);
                                db.addTrack(track, function () {
                                    track.rating = 0;
                                    track.date = new Date(Date.now() + 10800000);
                                    track.positive = [];
                                    track.negative = [];
                                    var weight = user.fastinfo().w;
                                    if (track.vote != 'undefined') {
                                        console.log('track.vote - ' + track.vote);
                                        track.vote = parseInt(track.vote);
                                        if (!(track.vote &gt; weight)) {
                                            if (ch.active &lt; 10) {
                                                weight = 0;
                                            } else {

sanitizer

Caja's HTML Sanitizer as a Node.js module

Apache-2.0
Latest version published 9 years ago


Popular sanitizer functions