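/**
 * Recursively scrubs a decoded request payload before it reaches
 * application code.
 *
 * - Arrays are mapped element by element.
 * - Objects are rebuilt as a fresh plain object from their own enumerable
 *   keys (`Object.keys`), so inherited properties are not carried over.
 *   Any non-null object — including Date, Map or Buffer instances — is
 *   flattened the same way (a Date becomes `{}`), so pass JSON-shaped
 *   data only.
 * - Strings are trimmed and have `< > " ' \` ; ( ) { }` removed.
 * - Everything else (numbers, booleans, null, undefined) is returned as-is.
 *
 * Character stripping is lossy (an apostrophe in a name is dropped, for
 * instance) and is not a substitute for parameterized queries or
 * context-specific output encoding at the sink; it only narrows what
 * reaches the handlers.
 *
 * The `any` signature is kept for compatibility with existing callers.
 *
 * @param obj - value to scrub; typically `JSON.parse` output or a request body
 * @returns a new value with the same shape; the input is never mutated
 */
export function sanitizeInput(obj: any): any {
  if (Array.isArray(obj)) {
    return obj.map((item: unknown) => sanitizeInput(item));
  }
  if (obj && typeof obj === 'object') {
    const sanitized: Record<string, unknown> = {};
    for (const key of Object.keys(obj)) {
      // Define as an own property rather than assigning: on a plain object,
      // `sanitized['__proto__'] = value` would invoke the Object.prototype
      // setter and replace the result's prototype with caller-controlled
      // data instead of copying the key. defineProperty always creates a
      // normal own property, whatever the key is.
      Object.defineProperty(sanitized, key, {
        value: sanitizeInput(obj[key]),
        enumerable: true,
        writable: true,
        configurable: true,
      });
    }
    return sanitized;
  }
  if (typeof obj === 'string') {
    // Basic sanitization: trim and drop characters commonly used to break
    // out of quoted or bracketed contexts. Lossy by design (see doc comment).
    return obj.trim().replace(/[<>"'`;(){}]/g, '');
  }
  return obj;
}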
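/**
 * Minimal HTML sanitization for user-supplied rich text fields.
 *
 * Strips `script`, `iframe`, `object` and `embed` elements (opening tag
 * through matching closing tag), `javascript:` URL prefixes and inline
 * `on*=` event-handler attributes, then trims the result. The scrub is
 * re-applied until the text stops changing, so a forbidden token that is
 * only assembled once a neighbouring match has been removed is still
 * caught; a single pass would leave it in place.
 *
 * Limitations (regex-based deny-list): only the four elements above are
 * handled, and only when the closing tag is present — an unclosed opening
 * tag passes through unchanged — and all other markup is kept verbatim.
 * This is a conservative server-side scrub; client-side rendering should
 * still use safe encoders, and a parser-based allow-list sanitizer is
 * preferable where one is available.
 *
 * @param text - raw HTML fragment; `null`, `undefined` and `''` yield `''`
 * @returns the scrubbed, trimmed fragment
 */
export function sanitizeHtml(text: string): string {
  let current = text || '';
  let previous = current;
  // Each further iteration runs only if the previous one removed at least
  // one character, so the loop is bounded by the input length.
  do {
    previous = current;
    current = previous
      .replace(/<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi, '')
      .replace(/<iframe\b[^<]*(?:(?!<\/iframe>)<[^<]*)*<\/iframe>/gi, '')
      .replace(/<object\b[^<]*(?:(?!<\/object>)<[^<]*)*<\/object>/gi, '')
      .replace(/<embed\b[^<]*(?:(?!<\/embed>)<[^<]*)*<\/embed>/gi, '')
      .replace(/javascript:/gi, '')
      .replace(/on\w+\s*=/gi, '');
  } while (current !== previous);
  return current.trim();
}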