escapeHTML_URI Entities
The Goal Of escapeHTML_URI Script Is To Prevent SQLi, XSS & Related Attacks By Escaping HTML, URI, Base64 & Unicode Entities.
escapeHTML_URI Can Process All JavaScript Object Types; Encode The Input (no matter the Object depth); & Output The Result With The Same Object Type As The Input Value.
HTML / URI / Base64 / Unicode Entities Are Supported
<>&/,:;"`\'|{ }$!()*-#[]=~_.+%
UPDATE
Version: 1.1.5
- Implemented Unicode Encoding Option
Version: 1.1.4
- Optimized Code
- Added + & % To The Entities
Version: 1.1.3
- Fixed atob() & btoa() For Node.js
Version: 1.1.0
- Auto Escapes Base64 Entities
- Disabled Function Execution
- Added _ & . To The Entities
Using Script Without Installing
Use On replit
// Navigate To https://replit.com/languages/Nodejs#index.js
// On replit Call...
const escapeHTML_URI = require("escape_html_uri");
escapeHTML_URI(
  { b: [true, 26, "Bree", ":", "</>", null, undefined] },
  "uri",
  ":</>"
);
// Replit Output Below...
{
  b: [
    true,
    26,
    "Bree",
    "%3A",
    "%3C%2F%3E",
    "A Valid Input Is Required Here...",
    "A Valid Input Is Required Here...",
  ],
}
Setup In Project
HTML Script
<script src="escapeHTML_URI.js"></script>
Installation
NPM Installation
npm i escape_html_uri
Clone Repo
GitHub Repo
gh repo clone Sidodus/escapeHTML_URI
Import To Project
ES5 module:
const escapeHTML_URI = require("escape_html_uri");
ES6 module:
import { escapeHTML_URI } from "escape_html_uri";
AMD loader libraries such as requireJS:
require(["escape_html_uri"], function (html) {
  // Use escape_html_uri here in local scope.
});
Use In Project:
escapeHTML_URI(html, encodeFormat, htmlEncodeEntity);
EXPLANATION
escapeHTML_URI(html, encodeFormat, htmlEncodeEntity) Takes In 3 Arguments, With Only The 1st Argument Being Compulsory.
html = Input To Encode (COMPULSORY)
encodeFormat = The Encode Format e.g. (html OR uri OR unicode) (OPTIONAL)
htmlEncodeEntity = Your Custom HTML / URI Encode Entity Based On Supported Entities (OPTIONAL)
NOTE:
- Argument 2 Defaults To html If null Is Supplied, OR Argument Is Empty.
- You Can Decide Which Html OR URI OR Unicode Entity To Encode In Argument 3
- Argument 3 Defaults To <>&/,:;"`\'|{ }$!()*-#[]=~_. If Nothing Is Supplied.
- escapeHTML_URI Would Not Encode Any Entity If An Empty String ("") Is Supplied In Argument 3, e.g. escapeHTML_URI(">", null, "")
- Unsupported Html OR URI OR Unicode Entity Values Are Ignored In Argument 3
EXAMPLES
Input Type = String
escapeHTML_URI("<script>alert(1337)</script>");
Output = &lt;script&gt;alert&#x28;1337&#x29;&lt;&#x2f;script&gt;
Input Type = Array
1st Optional Argument = html
escapeHTML_URI(["<", ">", "&", "/", ",", ":", ";", "\"", "`", "\\", "'", "|", "{", "}", "$", " ", "!", "(", ")", "*", "-", "#", "[", "]", "=", "~"], "html");
Output = ["<", ">", "&;", "/", ",", ":", ";", """, "`", "\", "'", "|", "{", "}", "$", " ", "!", "(", ")", "*", "-", "#;", "[", "]", "=", "~"];
Input Type = Object
1st Optional Argument = uri
escapeHTML_URI(
  { a: "<", b: ">", c: "\\", "{": "}", x: "<24>", y: "/", z: "{26}" },
  "uri"
);
Output = {
  a: "%3C",
  b: "%3E",
  c: "%5C",
  x: "%3C24%3E",
  y: "%2F",
  z: "%7B26%7D",
  "{": "%7D",
};
Input Type = String
1st Optional Argument = uri
2nd Optional Argument = </>
escapeHTML_URI("<script>alert(1337)<\/script>", "uri", "</>");
Output = %3Cscript%3Ealert(1337)%3C%2Fscript%3E;
Input Type = Base64 String
1st Optional Argument = unicode
2nd Optional Argument = ://
escapeHTML_URI("aHR0cDovL2V4YW1wbGUuY29t", "unicode", "://");
Output = aHR0cFx1MDAzYVx1MDAyZlx1MDAyZmV4YW1wbGUuY29t;
Input Type = String
1st Optional Argument = unicode
2nd Optional Argument = ://
escapeHTML_URI("http://example.com", "unicode", "://");
Output = http\u003a\u002f\u002fexample.com;
Input Type = Object
1st Optional Argument = null
2nd Optional Argument = <>&/,:;\{ }()
escapeHTML_URI(
  {
    f: {
      str: "<script>alert(1337)<\\/script>",
      e: {
        arr: [1, ">", "a", "<", 2, "b", "{", 3, "c"],
        d: {
          func: () => "hello World",
          func2: () => () => "Hello JavaScript",
          c: {
            NulL: null,
            undefined,
            b: {
              Bool: true,
              a: {
                Bool: false,
                obj: {
                  g: "$",
                  obj1: { a: ">" },
                  obj2: { b: "</script>", g: () => "hello World" },
                  obj3: { b: ["z", 26, "Bree", ":", "</>"] },
                  str2: "<script>alert(1337)<\\/script>",
                  NoMansLand: "NoMansLand",
                  arr: [1, ">", "a", "<", 2, "b", "{", 3, "c"],
                },
                str3: "<script>alert(1337)<\\/script>",
                arr2: [1, ">", "a", "<", 2, "b", "{", 3, "c"],
                func3: () => () => () => "hello World",
                uri: "http\\u00253A\\u00252F\\u00252Fexample.com",
                Base64: "PHNjcmlwdD5hbGVydCgxMzM3KTxcL3NjcmlwdD4=",
                base64:
                  "VlVWb1QyRnRUblJpU0dSclVrUldiMWxyWkZkbFYxSkVXak5vVG1Wck1IcFRNVkl6WkcxTmVWUnViR2hYUlVsM1ZVZGpPVkJSUFQwPQ==",
              },
            },
          },
        },
      },
    },
  },
  null,
  "<>&;/,:;{ }()"
);
Output = {
  f: {
    str: "<script>alert(1337)</script>",
    e: {
      arr: [1, ">", "a", "<", 2, "b", "{", 3, "c"],
      d: {
        func: '() => "hello World"',
        func2:
          '() => () => "Hello JavaScript"',
        c: {
          NulL: "A Valid Input Is Required Here...",
          undefined: "A Valid Input Is Required Here...",
          b: {
            Bool: true,
            a: {
              Bool: false,
              obj: {
                g: "$",
                obj1: {
                  a: ">",
                },
                obj2: {
                  b: "</script>",
                  g: '() => "hello World"',
                },
                obj3: {
                  b: ["z", 26, "Bree", ":", "</>"],
                },
                str2: "<script>alert(1337)</script>",
                NoMansLand: "NoMansLand",
                arr: [1, ">", "a", "<", 2, "b", "{", 3, "c"],
              },
              str3: "<script>alert(1337)</script>",
              arr2: [1, ">", "a", "<", 2, "b", "{", 3, "c"],
              func3:
                '() => () => () => "hello World"',
              uri: "http\u00253A\u00252F\u00252Fexample.com",
              Base64:
                "Jmx0O3NjcmlwdCZndDthbGVydCYjeDI4OzEzMzcmI3gyOTsmbHQ7XCYjeDJmO3NjcmlwdCZndDs=",
              base64:
                "VTIweE5FMUZPSHBVYlhCcVlsZDRNMXBGVG1GaWJWSkZaRWRvYVZJeFdqVmFSVTVhWVcxV1JWTlVVbEJsYTFZMlZGaHdhbUpWYTNwYU0yeFFWa2hPZEZscmFGSk9NSEJ3VkdwU1RtSldhek5aZWtwUFpWZEdXVkZxUWt0aVYxRjNWRE5qT1ZCUlBUMD0=",
            },
          },
        },
      },
    },
  },
};
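A minimal sketch of the depth-first escaping the sections above describe (three encode formats, a caller-chosen entity set, same container type out as in), added here as an illustration and not taken from the escape_html_uri source. The names `deepEscape`, `walk`, `SUPPORTED`, `DEFAULT_SET`, `NAMED` and `ENCODERS` are hypothetical, the named-versus-numeric HTML entity choice is an assumption, and unlike the package this sketch leaves null and undefined unchanged, does not decode Base64 input, and rejects circular references.

```javascript
// Added sketch, not the escape_html_uri source; all names below are hypothetical.
const SUPPORTED = "<>&/,:;\"`\\'|{ }$!()*-#[]=~_.+%"; // supported list as printed on this page
const DEFAULT_SET = SUPPORTED.slice(0, -2); // printed default for argument 3 (no "+" or "%")
// Assumption: named entities for these four characters, hex numeric entities for the rest.
const NAMED = new Map([["<", "&lt;"], [">", "&gt;"], ["&", "&amp;"], ['"', "&quot;"]]);

const hex = (ch, width) => ch.charCodeAt(0).toString(16).padStart(width, "0");
const ENCODERS = new Map([
  ["html", (ch) => NAMED.get(ch) || `&#x${hex(ch, 2)};`],
  ["uri", (ch) => `%${hex(ch, 2).toUpperCase()}`],
  ["unicode", (ch) => `\\u${hex(ch, 4)}`],
]);

function walk(value, encode, set, path) {
  if (typeof value === "function") value = String(value); // source text only, never called
  if (typeof value === "string") {
    return [...value].map((ch) => (set.has(ch) ? encode(ch) : ch)).join("");
  }
  // Numbers, booleans, null and undefined pass through unchanged.
  if (value === null || typeof value !== "object") return value;
  if (path.has(value)) throw new TypeError("circular reference in input");
  path.add(value);
  // Arrays stay arrays and plain objects stay objects; keys are left as they are.
  const out = Array.isArray(value)
    ? value.map((v) => walk(v, encode, set, path))
    : Object.fromEntries(
        Object.entries(value).map(([k, v]) => [k, walk(v, encode, set, path)])
      );
  path.delete(value); // only the current ancestor chain counts as a cycle
  return out;
}

function deepEscape(input, format, entities = DEFAULT_SET) {
  const encode = ENCODERS.get(format || "html"); // null or missing falls back to html
  if (!encode) throw new TypeError(`unknown format: ${format}`);
  // Characters outside the supported list are dropped from argument 3.
  const set = new Set([...entities].filter((ch) => SUPPORTED.includes(ch)));
  return walk(input, encode, set, new WeakSet());
}
```

Each format only makes a value safe for its own sink: use `html` for markup, `uri` for URL components and `unicode` for JavaScript string literals.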
Developed By Saheed Odulaja.