# sanitize
Input/output sanitization for security.
## Functions
| Function | Description | Example |
| -------- | -------------------------------------------- | ------------------------------ |
| `html` | Sanitize HTML by escaping special characters | `dphelper.sanitize.html(html)` |
## Description
Security-focused sanitization utilities:
* **HTML Escape** - Convert special characters to HTML entities
* **XSS Prevention** - Prevent cross-site scripting attacks
* **Input Validation** - Clean user-provided content
## Usage Examples
### HTML Sanitization
```javascript
// Escape HTML special characters
const userInput = '';
const safe = dphelper.sanitize.html(userInput);
// Output: ""
// More examples
const html1 = dphelper.sanitize.html('Hello
');
// "Hello
"
const html2 = dphelper.sanitize.html('Use
for line breaks');
// "Use
for line breaks"
const html3 = dphelper.sanitize.html("It's a beautiful day");
// "It's a beautiful day"
```
### Display User Content Safely
```javascript
// Safely display user comments
function displayComment(comment) {
const sanitized = dphelper.sanitize.html(comment);
document.getElementById('comments').innerHTML = sanitized;
}
// User input (malicious)
const maliciousInput = '
';
displayComment(maliciousInput);
// Safely displays as text, not executed
// Chat message sanitization
const messages = [
'User1: Hello everyone!',
'Welcome!',
'Check out this link'
];
messages.forEach(msg => {
console.log(dphelper.sanitize.html(msg));
});
// User1: Hello everyone!
// Welcome!
// Check out this link
```
### Form Input Validation
```javascript
// Sanitize form inputs before storage
function sanitizeFormInput(input) {
if (typeof input !== 'string') return '';
return dphelper.sanitize.html(input.trim());
}
const formData = {
username: ' user ',
bio: 'I love and "quotes"',
website: 'https://example.com'
};
const sanitized = {
username: sanitizeFormInput(formData.username),
bio: sanitizeFormInput(formData.bio),
website: sanitizeFormInput(formData.website)
};
// { username: "user", ... }
```
### Database Storage
```javascript
// Sanitize before storing in database
function saveToDatabase(data) {
const sanitized = {};
for (const key in data) {
if (typeof data[key] === 'string') {
sanitized[key] = dphelper.sanitize.html(data[key]);
} else {
sanitized[key] = data[key];
}
}
return sanitized;
}
```
## Details
* **Author:** Dario Passariello
* **Version:** 0.0.2
* **Creation Date:** 20241204
* **Last Modified:** 20241204
* **Environment:** both (browser + Node.js)
***
*Automatically generated document*