///
// NOTE(review): the bare "///" above looks like a triple-slash directive whose
// tag was lost when this page was extracted. The `XSS` namespace used below is
// not declared in this file, so it has to come from such a reference or from an
// import — confirm against the published declaration file.

/**
 * The response from the validate method
 *
 * @export
 * @interface IValidationResponse
 */
export interface IValidationResponse {
  // Verdict of the check. Presumably true only when sanitizing would leave the
  // value unchanged — confirm against the implementation.
  isValid: boolean;
  // The sanitized form of the validated value. Typed `any`, so callers get no
  // compile-time guarantee about its shape and should narrow before use.
  sanitized: any;
}

/**
 * Whitelist shape accepted by the sanitizer: the XSS library's whitelist plus
 * an optional `source` entry.
 */
export interface IWhiteList extends XSS.IWhiteList {
  // Presumably the attribute names allowed on the <source> tag, following the
  // tag -> attributes convention of XSS.IWhiteList — TODO confirm.
  source?: string[];
}

/** Options to apply to sanitize method */
export interface ISanitizeOptions {
  // Presumably lets `undefined` through instead of nullifying it (see the note
  // on Sanitizer.sanitize) — confirm against the implementation.
  allowUndefined?: boolean;
}

/**
 * The Sanitizer Class
 *
 * Declares sanitizing (sanitize, sanitizeUrl, sanitizeHTMLAttribute),
 * validating (validate) and output-encoding (encodeHTML, encodeAttrValue)
 * methods. Only the type surface is visible here; the behaviour described
 * below is taken from the accompanying doc comments.
 *
 * @export
 * @class Sanitizer
 */
export declare class Sanitizer {
  // Whitelist of tags and attributes. Presumably the built-in default — confirm.
  readonly arcgisWhiteList: IWhiteList;
  // Protocols accepted in URLs; sanitizeUrl is documented as following them.
  readonly allowedProtocols: string[];
  // Presumably the built-in default filter options — confirm.
  readonly arcgisFilterOptions: XSS.IFilterXSSOptions;
  // Presumably the filter options actually in effect for this instance, after
  // the constructor arguments have been applied — confirm.
  readonly xssFilterOptions: XSS.IFilterXSSOptions;
  // Untyped in the declaration (implicitly `any`). Presumably the underlying
  // XSS filter instance.
  private _xssFilter;
  // Untyped in the declaration. Presumably the character -> entity table used
  // by encodeHTML — confirm.
  private readonly _entityMap;

  /**
   * Creates a sanitizer.
   *
   * NOTE(review): the declaration does not say how the two arguments interact.
   * `_extendObjectOfArrays` is documented as extending the whiteList in the XSS
   * filter options, so `extendDefaults` presumably chooses between merging
   * `filterOptions` into the defaults and replacing them. Either way a custom
   * whitelist decides which markup survives sanitization, so it deserves the
   * same review as the defaults.
   *
   * @param {XSS.IFilterXSSOptions} [filterOptions] Custom XSS filter options.
   * @param {boolean} [extendDefaults] See the note above; default not visible here.
   * @memberof Sanitizer
   */
  constructor(filterOptions?: XSS.IFilterXSSOptions, extendDefaults?: boolean);

  /**
   * Sanitizes value to remove invalid HTML tags.
   *
   * Note: If the value passed does not contain a valid JSON data type (String,
   * Number, JSON Object, Array, Boolean, or null), the value will be nullified.
   * Callers therefore have to handle a `null` result for inputs such as
   * functions or symbols.
   *
   * @param {any} value The value to sanitize.
   * @param {ISanitizeOptions} [options] Options to apply; see ISanitizeOptions.
   * @returns {any} The sanitized value.
   * @memberof Sanitizer
   */
  sanitize(value: any, options?: ISanitizeOptions): any;

  /**
   * Sanitizes a URL string following the allowed protocols and sanitization rules.
   *
   * An empty string is the rejection signal: treat it as "do not use this URL"
   * rather than as a valid relative link.
   *
   * @param {string} value The URL to sanitize.
   * @param {{ isProtocolRequired: boolean }} options Configuration options for URL checking.
   * @returns {string} The sanitized URL if it's valid, or an empty string if the URL is invalid.
   * @memberof Sanitizer
   */
  sanitizeUrl(value: string, options?: {
    /** Whether a protocol must exist on the URL for it to be considered valid. Defaults to `true`. If `false` and the provided URL has no protocol, it will be automatically prefixed with `https://`. */
    isProtocolRequired?: boolean;
  }): string;

  /**
   * Sanitizes an HTML attribute value.
   *
   * @param {string} tag The tagname of the HTML element.
   * @param {string} attribute The attribute name of the HTML element.
   * @param {string} value The raw value to be used for the HTML attribute value.
   * @param {XSS.ICSSFilter} [cssFilter] The CSS filter to be used.
   * @returns {string} The sanitized attribute value.
   * @memberof Sanitizer
   */
  sanitizeHTMLAttribute(tag: string, attribute: string, value: string, cssFilter?: XSS.ICSSFilter): string;

  /**
   * Checks if a value only contains valid HTML.
   *
   * The result is an object, not a bare boolean: read `isValid` for the verdict
   * and `sanitized` for the cleaned value. Testing the return value itself for
   * truthiness always passes, because an object is always truthy.
   *
   * @param {any} value The value to validate.
   * @param {ISanitizeOptions} [options] Options to apply; see ISanitizeOptions.
   * @returns {IValidationResponse} The verdict together with the sanitized value.
   * @memberof Sanitizer
   */
  validate(value: any, options?: ISanitizeOptions): IValidationResponse;

  /**
   * Encodes the following characters, `& < > \" ' /` to their hexadecimal HTML entity code.
   *
   * Example (reconstructed; the entities were decoded when this page was
   * rendered): the `&` of "&middot;" is replaced by a hexadecimal entity, so the
   * result no longer decodes to a middle dot.
   *
   * NOTE(review): the rendered example ended in "8middot;", which would
   * correspond to `&#x38;` (the digit 8) rather than `&#x26;` (the ampersand) —
   * verify which entity the implementation emits for `&`.
   *
   * Only these six characters are encoded; for attribute values see
   * encodeAttrValue, which is documented as encoding every non-alphanumeric
   * ASCII character.
   *
   * @param {string} value The value to encode.
   * @returns {string} The encoded string value.
   * @memberof Sanitizer
   */
  encodeHTML(value: string): string;

  /**
   * Encodes all non-alphanumeric ASCII characters to their hexadecimal HTML entity codes.
   *
   * Example (reconstructed; the entities were decoded when this page was
   * rendered, and the exact hex formatting should be confirmed):
   * "alert(document.cookie)" => "alert&#x28;document&#x2e;cookie&#x29;"
   *
   * @param {string} value The value to encode.
   * @returns {string} The encoded string value.
   * @memberof Sanitizer
   */
  encodeAttrValue(value: string): string;

  /**
   * Extends an object of arrays by concatenating arrays of the same object
   * keys. If the previous key's value is not an array, the next key's
   * value will replace the previous key. This method is used for extending the
   * whiteList in the XSS filter options.
   *
   * @private
   * @param {Array<{}>} objects An array of objects.
   * @returns {{}} The extended object.
   * @memberof Sanitizer
   */
  private _extendObjectOfArrays;

  /**
   * Iterate over a plain object or array to deeply sanitize each value.
   *
   * @private
   * @param {object} obj The object to iterate over.
   * @returns {(object | null)} The sanitized object.
   * @memberof Sanitizer
   */
  private _iterateOverObject;

  /**
   * Trim whitespace from the start and end of a string.
   *
   * @private
   * @param {string} val The string to trim.
   * @returns {string} The trimmed string.
   * @memberof Sanitizer
   */
  private _trim;
}

export default Sanitizer;