Bairdy
Bairdy10mo ago

Deno - Sanitize Filters

Does Deno have anything similar to https://www.php.net/manual/en/filter.filters.sanitize.php for HTTP HTML POST forms? Example: 
function filterSanitizeString(input: string): string {
  // Remove control characters
  let sanitized = input.replace(/[\x00-\x1F\x7F-\x9F]/g, "");
  
  // Remove potential SQL injection code
  sanitized = sanitized.replace(/('|--|;)/g, "");
  
  // Remove potential script injection
  sanitized = sanitized.replace(/(<script>|<\/script>)/gi, "");
  
  // Escape special HTML characters to prevent basic HTML injection
  sanitized = sanitized.replace(/&/g, '&amp;')
  .replace(/</g, '&lt;')
  .replace(/>/g, '&gt;')
  .replace(/"/g, '&quot;')
  .replace(/'/g, '&#39;');

  return sanitized;
}
function filterSanitizeString(input: string): string {
  // Remove control characters
  let sanitized = input.replace(/[\x00-\x1F\x7F-\x9F]/g, "");
  
  // Remove potential SQL injection code
  sanitized = sanitized.replace(/('|--|;)/g, "");
  
  // Remove potential script injection
  sanitized = sanitized.replace(/(<script>|<\/script>)/gi, "");
  
  // Escape special HTML characters to prevent basic HTML injection
  sanitized = sanitized.replace(/&/g, '&amp;')
  .replace(/</g, '&lt;')
  .replace(/>/g, '&gt;')
  .replace(/"/g, '&quot;')
  .replace(/'/g, '&#39;');

  return sanitized;
}
2 Replies
Deno AI Helper
Deno AI Helper10mo ago
The documentation does not provide a specific function or module for sanitizing HTML form inputs like PHP's filter.filters.sanitize. However, it does provide an example of a simple HTML sanitization function to prevent XSS vulnerabilities in the context of server-side rendering. Here's the example from the documentation: 
function sanitizeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}
function sanitizeHtml(text) {
  return text
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#039;");
}
This function replaces special HTML characters with their corresponding HTML entities to prevent basic HTML injection. However, it does not cover SQL injection prevention or script tag removal as in your provided example. For more advanced sanitization needs, you might need to use or create a more comprehensive function or use a third-party library, but please note that this advice is not explicitly supported by the documentation.
Helpful Links: Using deno-dom | Manual | Deno Hello World | Manual | Deno The Future (and the Past) of the Web is Server Side Rendering Word Finder | Manual | Deno
Leokuma
Leokuma10mo ago
AFAIK there's only HTML escaping: https://deno.land/std@0.203.0/html/mod.ts?s=escape
More Posts
Having a problem while getting a file from form. Oak.I'm having a problem while getting a file from a form. I can only read it's name, but not its body.[RESOLVED] Async Route vs Sync Route: Signatures are error-proneI am new to Deno Fresh and I ran into a strange bug (on my side), when changing a sync route to an aInstalling a deno scriptI have a deno script that I've written that takes a single arg. I want to install it so that I can cHow to bundle my projectI have a mod.js file that I wrote with Deno and I want to bundle it and it depends on bunch of otherOdd server requests on my Delpoy project...I was logging the requested paths to static files yesterday while troubleshooting an issue with a seerror on installingi do not know if im doing it right or something else