return pg.connect(env.require('DATABASE_URL'), function(err, client, done) {
var callback = function() {
done();
return _callback.apply(null, arguments);
};
if (data.limit) {
dbLimit = ' LIMIT ' + data.limit;
}
searchQuery = data.query || data._query.q;
if (searchQuery) {
dbQuery = sanitizer.sanitize(searchQuery.toLowerCase()).split('+').join(' ') || sanitizer.sanitize(dbQuery);
}
buildQuery(dbQuery, data, function(err, fullQuery) {
if (err) {
return callback(err);
}
return client.query(fullQuery, function(err, result) {
if(err) {
console.error('error running query', err);
return callback(err);
}
//
// Format activity data
') AS score',
].join('\n');
var scoreOrderBy = 'score DESC,';
//
// Decide which kind of search this is
//
if (data._query.with && data._query.with.length && data._query.near && data._query.near.length) { //Has amenities & near filter
// With
//
// Split activities into an array
//
queryArray = sanitizer.sanitize(data._query.with).split('+');
//
// Limit the amount of activities which can be passed in
//
queryArray.length = Math.min(queryArray.length, 20);
//
// Build column aliases for JSON select
//
activitiesColumnSQLslug = queryArray.map(function(activity) {
return "activities->'"+activity+"' as "+activity;
}).join(',');
//
// Build where statement for JSON select
//
function stripHTML(html) {
  // URI policy that returns every link target unchanged: the sanitizer only
  // removes unsafe markup here, it does not filter hrefs.
  var keepUri = function (uri) {
    return uri;
  };
  var text = sanitizer.sanitize(html, keepUri);
  // Drop any tags that survived sanitisation (non-greedy, spans newlines).
  text = text.replace(/<(?:.|\n)*?>/gm, "");
  // Collapse two or more consecutive line breaks (plus surrounding whitespace) into one.
  // See: http://stackoverflow.com/questions/816085/removing-redundant-line-breaks-with-regular-expressions
  text = text.replace(/(?:(?:\r\n|\r|\n)\s*){2,}/ig, "\n");
  return text.trim();
}
render(data, options, function rendered(err, html) {
  // Callback for `render`: fall back to the raw README when no HTML came back,
  // treat a GitHub 404 as "no README" rather than an error, and always hand
  // `fn` sanitised output (link targets go through `url` bound to the github options).
  var renderError = err;
  var body = html;
  if (!body && data.readme) {
    body = data.readme;
  }
  // A 404 only means the README file on github could not be located.
  if (renderError && renderError.statusCode === 404) {
    renderError = null;
  }
  fn(renderError, sanitizer.sanitize(body || '', url.bind(null, options.github)));
});
}
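format: function(content) {
  // Render markdown to HTML. If the parser throws, the raw text is used
  // instead; either way it passes through the sanitizer below.
  // A missing/null `content` is treated as an empty document instead of
  // being handed to the parser and sanitizer as `undefined`.
  var source = content == null ? '' : content;
  var markdowned;
  try {
    markdowned = marked(source);
  } catch(e) {
    markdowned = source;
  }
  // Strip dangerous markup, but allow links to all URL-s.
  // NOTE(review): the identity URI policy returns every link target
  // unchanged; if the sanitizer in use leaves scheme filtering to the
  // policy, restrict it (e.g. http/https/mailto) here — confirm against
  // the sanitizer version in use.
  var sanitized_output = sanitizer.sanitize(markdowned, function(str) {
    return str;
  });
  // IE does not support the &apos; entity, so emit the numeric form.
  // NOTE(review): the entity references in the listing this came from were
  // mangled (`''`); &apos; -> &#39; is the conventional reconstruction —
  // confirm against the original file.
  return sanitized_output.replace(/&apos;/g, '&#39;');
}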
};
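exports.markdown = function(content) {
  // Render markdown to HTML. If the parser throws, the raw text is used
  // instead; either way it passes through the sanitizer below.
  // A missing/null `content` is treated as an empty document instead of
  // being handed to the parser and sanitizer as `undefined`.
  var source = content == null ? '' : content;
  var markdowned;
  try {
    markdowned = marked(source);
  } catch(e) {
    markdowned = source;
  }
  // Strip dangerous markup, but allow links to all URL-s.
  // NOTE(review): the identity URI policy returns every link target
  // unchanged; if the sanitizer in use leaves scheme filtering to the
  // policy, restrict it (e.g. http/https/mailto) here — confirm against
  // the sanitizer version in use.
  var sanitized_output = sanitizer.sanitize(markdowned, function(str) {
    return str;
  });
  // IE does not support the &apos; entity, so emit the numeric form.
  // NOTE(review): the entity references in the listing this came from were
  // mangled (`''`); &apos; -> &#39; is the conventional reconstruction —
  // confirm against the original file.
  return sanitized_output.replace(/&apos;/g, '&#39;');
};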
var text = c.get(options.property) || req.t("Invalid content property: {property}", {property:options.property});
if (options.clickEdit && req.session && req.session.user && req.session.user.isAdmin) {
text = "<div id="" + c._id + "" class="content-block" title="" + req.t("Double click to edit content block ...") + "">" +
text + "</div>";
}
// Don't sanitize the content of the actual post.
text = sanitizer.sanitize(text, function uri_policy(uri) { return uri; });
next(null, text);
} else {
// Sanitize strings
var prop;
for (var prop in c) {
if (typeof c[prop] === 'string') {
c[prop] = sanitizer.sanitize(c[prop], function uri_policy(uri) { return uri; });
}
}
// Just return the object
next(null, c);
}
}
});
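router.post('/post-message', function(req, res, next) {
  // Accept only a non-empty string shorter than 500 characters. The type
  // check keeps arrays/objects from a JSON body out of the sanitizer, and
  // the `else` branch no longer dereferences `req.body.message.length`
  // when the field is absent (the original threw a TypeError there).
  var message = req.body ? req.body.message : undefined;
  var isString = typeof message === 'string';
  if (isString && message !== '' && message.length < 500) {
    var unsafeMessage = message;
    var sanitizedMessage = sanitizer.sanitize(message);
    // JSON.stringify keeps each value on a single log line, so embedded
    // newlines in user input cannot forge extra log entries.
    console.log('New message of the moment (unsafe): ' + JSON.stringify(unsafeMessage));
    console.log('New message of the moment (clean) : ' + JSON.stringify(sanitizedMessage));
    messageOfTheMoment = sanitizedMessage;
    res.json({'message': sanitizedMessage});
  } else {
    res.json({'error': 'message not set', 'length': isString ? message.length : 0});
  }
});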
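socket.on('addtag', function (data) {
  // Only authenticated sockets may add tags.
  if (!socket.user) {
    return;
  }
  // Reject a missing payload or a non-string/empty tag before it reaches the
  // sanitizer and the database; the original dereferenced `data.s` unguarded,
  // so a null payload threw inside the event handler.
  if (!data || typeof data.s !== 'string' || data.s === '') {
    return;
  }
  var tag = san.sanitize(data.s);
  db.addTag(tag, function (dbdata) {
    // Guard the callback result as well: a missing object would otherwise
    // throw on `dbdata.error`.
    if (!dbdata || dbdata.error) {
      return;
    }
    dbdata.n = tag;
    var userdata = {t: [dbdata]};
    socket.emit('tags', userdata);
  });
});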
}
sockets.sendAddTrack({'chid': ch.id, 'track': packTrackData(track)});
} else {
track.addtime = track.date;
var user = main.user(track.submiter);
if (user) {
if (user.time > track.time || ch.chat.users.length < 11 || ch.id != 1 || ch.playlist.length < 11) {
ch.playlist.push(track);
track.channel = ch.id;
track.unlim = 0;
if ((ch.chat.users.length < 10 || ch.playlist.length < 21) && ch.id == 1) {
track.unlim = 1;
}
track.artist = san.sanitize(track.artist);
track.title = san.sanitize(track.title);
track.info = san.sanitize(track.info);
track.artist = track.artist.replace('&', '&');
track.title = track.title.replace('&', '&');
track.addtime = new Date(Date.now() + 10800000);
db.addTrack(track, function () {
track.rating = 0;
track.date = new Date(Date.now() + 10800000);
track.positive = [];
track.negative = [];
var weight = user.fastinfo().w;
if (track.vote != 'undefined') {
console.log('track.vote - ' + track.vote);
track.vote = parseInt(track.vote);
if (!(track.vote > weight)) {
if (ch.active < 10) {
weight = 0;
} else {