Skip to content

kaliberjs/safe-url

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
src
src
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
index.js
index.js
 
 
package.json
package.json
 
 
readme.md
readme.md
 
 
tsconfig.json
tsconfig.json
 
 
yarn.lock
yarn.lock
 
 

Repository files navigation

Safe-url

Returns a safe url of the given string

Motivation

Solves potential XSS vulnerabilities when javascript: is used as a protocol.

Installation

yarn add @kaliber/safe-url

Usage

This function should be used when you want to navigate a user to a other url especially when you take the value form the url. A use case would be to check a returnUrl.

Basic usage

import { safeUrl } from '@kaliber/safe-url'

const { returnUrl } = req.query // useQueryString()

// Allowed protocols
window.location.href = safeUrl(returnUrl) // returnUrl = 'https://kaliber.net'

// This throws a error
window.location.href = safeUrl(returnUrl) // returnUrl =  'javascript:confirm(document.domain)'

allowedHostsList

import { safeUrl } from '@kaliber/safe-url'

safeUrl('https://npm.com/', { allowedHostsList: ['kaliber.net'] }) // throws a error
safeUrl('https://kaliber.net/', { allowedHostsList: ['kaliber.net'] }) // returns the given url.

Disclaimer

This library is intended for internal use, we provide no support, use at your own risk. It does not import React, but expects it to be provided, which @kaliber/build can handle for you.

This library is not transpiled.

About

No description, website, or topics provided.

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages