1.0.0 • Published 6 years ago

guarded-string v1.0.0

Weekly downloads
2
License
MIT
Repository
github
Last release
6 years ago

guarded`string`

Prevent accidentally introducing XSS holes with the strings in your app

Hold your friends close, and your strings closer

Installation

yarn add guarded-string

Usage

Important! This should be used for things like preventing XSS attacks, not for hiding sensitive information.

import guardedString from 'guarded-string';

const myString = guardedString`My very important (but not too important) string`;

guardedString.isGuardedString(myString); // >> boolean
guardedString.assertGuardedString(myString); // >> maybe throws
guardedString.toUnguardedString(myString); // >> unguarded string (throws on other value types)

myString + 'hi'; // Error!
JSON.stringify(myString); // Error!
// etc.

Examples

guardedString`foo`; // Works!
guardedString`foo${1}`; // Error!
guardedString(['foo']); // Error!
let str = guardedString`foo`;

str.toString(); // Error!
'' + str; // Error!
String(str); // Error!
`${str}`; // Error!
1 * str; // Error!
JSON.stringify(str); // Error!

See test cases for more

guardedsecuresafestringtemplateliteralxss
@infinitebrahmanuniverse/nolb-gua@everything-registry/sub-chunk-1802@zalastax/nolb-gua
1.0.0

6 years ago