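A recursive sanitizer for JSON inputs. Traverses nested arrays and objects, sanitizing every string value against XSS attacks using DOMPurify and decoding HTML entities with he. Ideal for sanitizing form data before submission to the back-end. Sanitizing in the client does not replace validation and output encoding on the server, because requests can reach the back-end without passing through this code. Entity decoding can turn escaped text such as `&lt;b&gt;` back into markup, so check the order in which the package applies the two steps before inserting the result into a page as HTML.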
npm install sanitized
# or
yarn add sanitized

npm install sanitized@1.2.1
# or
yarn add sanitized@1.2.1

const sanitized = require("sanitized").default; // commonjs
// or
import sanitized from "sanitized"; // esm

sanitized("<img src=x onerror=alert(1)//>");
// '<img src="x">'

sanitized(["<svg><g/onload=alert(2)//<p>"]);
// ['<svg><g></g></svg>']

sanitized({
test: '<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
});
// { test: '<math><mi></mi></math>' }

sanitized([
"<svg><g/onload=alert(2)//<p>",
{
name1: [
'<math><mi//xlink:href="data:x,<script>alert(4)</script>">',
{ name2: "<p>abc<iframe//src=jAva	script:alert(3)>def" },
],
},
]);
// [
// "<svg><g></g></svg>",
// { name1: ["<math><mi></mi></math>", { name2: "<p>abc</p>" }] }
// ]

Non-string values (number, boolean, null, undefined) are returned as-is.
sanitized(42); // 42
sanitized(null); // null
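sanitized(undefined); // undefined

The second parameter accepts any DOMPurify config options. These options change which markup survives sanitization, so keep the configuration fixed in code rather than deriving it from request data.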
sanitized("<b>hello</b>", { ALLOWED_TAGS: ["b"] }); // "<b>hello</b>"

MIT