sw-class-sanitizer
v0.1.2
Published
Class-based sanitation in Typescript using decorators
Downloads
306
Readme
sw-class-sanitizer
Allows to use decorator and non-decorator based sanitization in your Typescript classes. Internally uses validator.js to make sanitization.
Fork of class-sanitizer
Installation
npm install sw-class-sanitizer --save
yarn add sw-class-sanitizer
Usage
Create your class and put some sanity decorators on its properties you want to sanitize:
import { sanitize, Trim, Rtrim, Blacklist } from 'class-sanitizer';
export class Post {
@Trim() title: string;
@Rtrim(['.'])
@Blacklist(/(1-9)/)
text: string;
}
let post1 = new Post();
post1.title = ' Hello world ';
post1.text = '1. this is a great (2) post about hello 3 world.';
sanitize(post);
console.log(post);
// now post will look like this:
// Post {
// title: "Hello world",
// text: ". this is a great post about hello world"
// }
Custom sanitization classes
If you have custom sanity logic you want to use as annotations you can do it this way:
First create a file, lets say
LetterReplacer.ts
, and create there a new class:import { SanitizerInterface, SanitizerConstraint } from 'class-sanitizer'; @SanitizerConstraint() export class LetterReplacer implements SanitizerInterface { sanitize(text: string): string { return text.replace(/o/g, 'w'); } }
Your class must implement
SanitizerInterface
interface and itssanitize
method, which defines sanitization logic.Then you can use your new sanitization constraint in your class:
import { Sanitize } from 'class-sanitizer'; import { LetterReplacer } from './LetterReplacer'; export class Post { @Sanitize(LetterReplacer) title: string; }
Here we set our newly created
LetterReplacer
sanitization constraint forPost.title
.Now you can use sanitizer as usual:
import { sanitize } from 'class-sanitizer'; sanitize(post);
Using service container
Sanitizer supports service container in the case if want to inject dependencies into your custom sanity constraint classes. Here is example how to integrate it with typedi:
import { Container } from 'typedi';
import { Sanitizer } from 'class-sanitizer';
// do this somewhere in the global application level:
let sanitizer = Container.get(Sanitizer);
sanitizer.container = Container;
// now everywhere you can inject `Sanitizer` class which will go from the container
// also you can inject classes using constructor injection into your custom sanitizers.
Manual sanitization
There are several methodw in the Sanitizer
that allows to perform non-decorator based sanitization:
import Sanitizer from 'class-sanitizer';
Sanitizer.blacklist(str, chars);
Sanitizer.escape(str);
Sanitizer.ltrim(str, chars);
Sanitizer.normalizeEmail(str, isLowercase);
Sanitizer.rtrim(str, chars);
Sanitizer.stripLow(str, keepNewLines);
Sanitizer.toBoolean(input, isStrict);
Sanitizer.toDate(input);
Sanitizer.toFloat(input);
Sanitizer.toInt(input, radix);
Sanitizer.toString(input);
Sanitizer.trim(str, chars);
Sanitizer.whitelist(str, chars);
Sanitizer.toUpperCase(str);
Sanitizer.toLowerCase(str);
Sanitization decorators
| Decorator | Description |
| -------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| @Blacklist(chars: RegExp)
| Remove characters that appear in the blacklist. |
| @Escape()
| Replace <, >, &, ', " and / with HTML entities. |
| @Ltrim()
| Trim characters from the left-side of the input. |
| @NormalizeEmail()
| Canonicalize an email address. |
| @Rtrim()
| Trim characters from the right-side of the input. |
| @StripLow()
| Remove characters with a numerical value < 32 and 127, mostly control characters. |
| @ToBoolean(isStrict?: boolean)
| Convert the input to a boolean. Everything except for '0', 'false' and '' returns true. In strict mode only '1' and 'true' return true. |
| @ToDate()
| Convert the input to a date, or null if the input is not a date. |
| @ToFloat()
| Convert the input to a float. |
| @ToInt()
| Convert the input to an integer, or NaN if the input is not an integer. |
| @ToString()
| Convert the input to a string. |
| @Trim(chars?: string[])
| Trim characters (whitespace by default) from both sides of the input. You can specify chars that should be trimmed. |
| @Whitelist(chars: RegExp)
| Remove characters that do not appear in the whitelist.* The characters are used in a RegExp and so you will need to escape some chars, e.g. whitelist(input, '\[\]'). |
| @ToUpperCase()
| (self-explanatory) |
| @ToLowerCase()
| (self-explanatory) |
Examples
Take a look at the tests for more examples of usages.