Class Sanitizer

The Sanitizer Class

Export

Sanitizer

Constructors

constructor

Properties

_entityMap _extendObjectOfArrays _iterateOverObject _trim _xssFilter allowedProtocols arcgisCSSWhiteList arcgisFilterOptions arcgisWhiteList xssFilterOptions

Methods

encodeAttrValue encodeHTML sanitize sanitizeHTMLAttribute sanitizeUrl validate

Constructors

constructor

  • new Sanitizer(filterOptions?, extendDefaults?): Sanitizer

  • Parameters

    • Optional filterOptions: IFilterXSSOptions
    • Optional extendDefaults: boolean

    Returns Sanitizer

Properties

Private Readonly _entityMap

_entityMap: any

Private _extendObjectOfArrays

_extendObjectOfArrays: any

Extends an object of arrays by by concatenating arrays of the same object keys. If the if the previous key's value is not an array, the next key's value will replace the previous key. This method is used for extending the whiteList in the XSS filter options.

Param: objects

An array of objects.

Returns

The extended object.

Memberof

Sanitizer

Private _iterateOverObject

_iterateOverObject: any

Iterate over a plain object or array to deeply sanitize each value.

Param: obj

The object to iterate over.

Returns

The sanitized object.

Memberof

Sanitizer

Private _trim

_trim: any

Trim whitespace from the start and ends of a string.

Param: val

The string to trim.

Returns

The trimmed string.

Private _xssFilter

_xssFilter: any

Readonly allowedProtocols

allowedProtocols: string[]

Readonly arcgisCSSWhiteList

arcgisCSSWhiteList: ICSSWhiteList

Readonly arcgisFilterOptions

arcgisFilterOptions: IFilterXSSOptions

Readonly arcgisWhiteList

arcgisWhiteList: IWhiteList

Readonly xssFilterOptions

xssFilterOptions: IFilterXSSOptions

Methods

encodeAttrValue

  • encodeAttrValue(value): string

  • Encodes all non-alphanumeric ASCII characters to their hexadecimal HTML entity codes. Example: "alert(document.cookie)" => "alert(document.cookie)"

    Parameters

    • value: string

      The value to encode.

    Returns string

    The encoded string value.

    Memberof

    Sanitizer

encodeHTML

  • encodeHTML(value): string

  • Encodes the following characters, & < > \" ' / to their hexadecimal HTML entity code. Example: "·" => "8middot;"

    Parameters

    • value: string

      The value to encode.

    Returns string

    The encoded string value.

    Memberof

    Sanitizer

sanitize

  • sanitize(value, options?): any

  • Sanitizes value to remove invalid HTML tags.

    Note: If the value passed does not contain a valid JSON data type (String, Number, JSON Object, Array, Boolean, or null), the value will be nullified.

    Parameters

    • value: any

      The value to sanitize.

    • Optional options: ISanitizeOptions

    Returns any

    The sanitized value.

    Memberof

    Sanitizer

sanitizeHTMLAttribute

  • sanitizeHTMLAttribute(tag, attribute, value, cssFilter?): string

  • Sanitizes an HTML attribute value.

    Parameters

    • tag: string

      The tagname of the HTML element.

    • attribute: string

      The attribute name of the HTML element.

    • value: string

      The raw value to be used for the HTML attribute value.

    • Optional cssFilter: ICSSFilter

      The CSS filter to be used.

    Returns string

    The sanitized attribute value.

    Memberof

    Sanitizer

sanitizeUrl

  • sanitizeUrl(value, options?): string

  • Sanitizes a URL string following the allowed protocols and sanitization rules.

    Parameters

    • value: string

      The URL to sanitize.

    • Optional options: {
          isProtocolRequired?: boolean;
      }

      Configuration options for URL checking.

      • Optional isProtocolRequired?: boolean

        Whether a protocol must exist on the URL for it to be considered valid. Defaults to true. If false and the provided URL has no protocol, it will be automatically prefixed with https://.

    Returns string

    The sanitized URL if it's valid, or an empty string if the URL is invalid.

validate

  • validate(value, options?): IValidationResponse

  • Checks if a value only contains valid HTML.

    Parameters

    • value: any

      The value to validate.

    • Optional options: ISanitizeOptions

    Returns IValidationResponse

    Memberof

    Sanitizer

Settings

Member Visibility

Theme

On This Page

constructor_entityMap_extendObjectOfArrays_iterateOverObject_trim_xssFilterallowedProtocolsarcgisCSSWhiteListarcgisFilterOptionsarcgisWhiteListxssFilterOptionsencodeAttrValueencodeHTMLsanitizesanitizeHTMLAttributesanitizeUrlvalidate