uri-tag
A template literal tag to encode URI components. Allows you to to build a URI string, where any expressions will be safely encoded.
import uri from 'uri-tag';
const name = getName(); // Arbitrary user input
const status = getStatus(); // Arbitrary user input
const myUri = uri`https://example.com/api/users?name=${name}&status=${status}`;
Uses RFC 3986 compliant URI encoding to encode any unsafe character sequences to their escaped representations:
const query = 'query with special chars ! ? foo=bar %';
const endpoint = uri`/api/search?q=${query}`;
// endpoint === '/api/search?q=query%20with%20special%20chars%20%21%20%3F%20foo%3Dbar%20%25'
To bypass encoding for a specific component, you can use uri.raw
:
const apiBase = 'https://example.com/api/v1';
const query = 'foo/bar';
const endpoint = uri`${uri.raw(apiBase)}/users?name=${query}`;
// endpoint === 'https://example.com/api/v1/users?name=foo%2Fbar'
uri.raw
uses a unique symbol under the hood, so that only code with access to the uri-tag
module can pass in a raw template variable. Any user input from an external source (so, strings, JSON objects, etc.) will not be able to access this symbol.
Types
This package includes definitions for TypeScript.
Similar packages
- encody
- encodeuricomponent-tag
-
url-escape-tag (Relies on NodeJS
querystring
module, requires a polyfill for browser usage.) - url-tagged-template (Different goals, parses URLs to their components rather than returning a URL string.)