{"id":18561208,"url":"https://github.com/apostrophecms/launder","last_synced_at":"2025-04-10T02:31:28.700Z","repository":{"id":27539335,"uuid":"31020758","full_name":"apostrophecms/launder","owner":"apostrophecms","description":"A sanitizer module for the people. Built for Apostrophe.","archived":false,"fork":false,"pushed_at":"2023-05-05T13:56:34.000Z","size":91,"stargazers_count":4,"open_issues_count":1,"forks_count":3,"subscribers_count":11,"default_branch":"main","last_synced_at":"2025-04-03T05:30:03.643Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/apostrophecms.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2015-02-19T15:11:01.000Z","updated_at":"2023-05-23T13:24:09.000Z","dependencies_parsed_at":"2024-06-18T22:26:38.902Z","dependency_job_id":null,"html_url":"https://github.com/apostrophecms/launder","commit_stats":{"total_commits":57,"total_committers":12,"mean_commits":4.75,"dds":0.736842105263158,"last_synced_commit":"03ab30da97bea78cf55c027155e5c695c837c832"},"previous_names":[],"tags_count":14,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flaunder","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flaunder/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flaunder/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/apostrophecms%2Flaunder/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/apostrophecms","download_url":"https://codeload.github.com/apostrophecms/launder/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248144209,"owners_count":21054886,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-06T22:06:11.406Z","updated_at":"2025-04-10T02:31:28.433Z","avatar_url":"https://github.com/apostrophecms.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![CircleCI](https://circleci.com/gh/apostrophecms/launder/tree/master.svg?style=svg)](https://circleci.com/gh/apostrophecms/launder/tree/master)\n\n\u003ca href=\"https://apostrophecms.com/\"\u003e\u003cimg src=\"https://raw.github.com/apostrophecms/launder/master/logos/logo-box-madefor.png\" align=\"right\" /\u003e\u003c/a\u003e\n\nA sanitization module for the people. Built for use in the [ApostropheCMS](https://apostrophecms.com), useful for many other things.\n\n## Purpose\n\nLaunder can be used to sanitize strings, integers, floats, urls, and more. It's best for cases where you've already used front-end validation to encourage smart input, and now you want to make sure your inputs are reasonable.\n\nLaunder does not always assume your data is a string, which makes it highly compatible with the use of JSON to deliver data from browser to server. For instance, `launder.boolean` accepts the actual JavaScript values `true` and `false` as well as various string representations.\n\nLaunder's support for dates and times permits users to enter both in colloquial formats like `8/25` or `3pm` and \"just does the right thing,\" converting to `2015-08-25` and `15:00:00` respectively.\n\nIn addition to sanitization methods, Launder does contain a few other tools, such as `formatDate` and `formatTime` which simply output a Date object in the `2015-08-25` and `15:00:00` formats.\n\n## Usage\n\n```javascript\nconst launder = require('launder')();\n\napp.post('/form', function(req, res) {\n  const units = launder.integer(req.body.units, 0, 0, 100);\n  const birthdate = launder.date(req.body.birthdate);\n});\n```\n\nYou can also specify global options:\n\n```javascript\nconst launder = require('launder')({\n  filterTag: function(tag) { return tag.toLowerCase(); }\n});\n```\n\n## Frequently used methods\n\n### `launder.string(s, def)`\n\nConverts `s` to a string. `s` is coerced to a string, then leading and trailing whitespace is trimmed. If `def` is provided, it is returned when the string is empty or the value passed is not a string. If `def` is undefined, empty strings are left alone, and values that are not strings become empty strings.\n\n### `launder.strings(arr)`\n\nIf `arr` is an array, each element is sanitized with `launder.string`, and a new array containing the result is returned. If `arr` is not an array, an empty array is returned.\n\n### `launder.integer(i, def, min, max)`\n\nConverts `i` to an integer. `i` is first coerced to an integer, if needed; if it is an empty string, undefined or otherwise not convertible, `def` is returned. If `min` is provided, and the result would be less than `min`, `min` is returned. If `max` is provided, and the result would be greater than `max`, `max` is returned. If `def` is not provided, the default is `0`. If a number has a fractional part it is discarded, not rounded.\n\n### `launder.float(f, def, min, max)`\n\nConverts `f` to a floating-point number. `f` is first coerced to a floating-point number, if needed; if it is an empty string, undefined or otherwise not convertible, `def` is returned. If `min` is provided, and the result would be less than `min`, `min` is returned. If `max` is provided, and the result would be greater than `max`, `max` is returned. If `def` is not provided, the default is `0`.\n\n### `launder.url(s, def, httpsFix)`\n\nAttempts to ensure that `s` is a valid URL. This method allows only the `http:`, `https:`, `ftp:`, `mailto:`, `tel:` and `sms:` URL schemes, but does allow relative URLs.\n\nIt attempts to automatically fix common user mistakes such as typing: `www.mycompany.com` or `www.mycompany.com/my/page.html`, not supplying the URL protocol. By default it prepends `http://`. If `httpsFix` is `true`, it prepends `https://`.\n\n`s` is first sanitized with `launder.string()`.\n\n`def` is returned if the input is an empty string, not convertible to a URL, or suspicious (such as a `javascript:` URL). Spaces are removed as they are ignored by browsers in a surprising number of situations.\n\n### `launder.select(choice, choices, def)`\n\nSanitize a choice made via a `select` element. If `choice` is one of the `choices`, it is returned, otherwise `def` is returned. If `choices` is an array of objects, then `choice` is compared to the `value` property of each object to find a match.\n\nChoices can be numbers or strings. The choices and the input value are compared as strings. The matching choice is returned with its original type.\n\n### `launder.boolean(b, def)`\n\nSanitize a boolean value.\n\nIf the value is any of the following, `true` is returned:\n\n`true`\n`'true'`\n`'True'`\n`'t'`\n`'yes'`\n`'Yes'`\n`'y'`\n`'1'`\n*Any other string starting with `t`, `y`, `T`, `Y`, or `1`)*\n`1`\n\nNote that both the string `'1'` and the number `1` are accepted.\n\nIf `b` is not `true` or `false`, and `launder.string(b)` returns the empty string, then `false` is returned unless `def` is defined, in which case `def` is returned.\n\n### `launder.date(d, def, now)`\n\nConverts `d` to a date string in `YYYY-MM-DD` format, such as `2015-02-20`.\n\n`d` must be either a string or a `Date` object, otherwise `def` is returned. *If `def` is undefined, the current date is returned. If `def` is `null`, `null` is returned.*\n\n`now` can be the current date object for resolving ambiguous dates. If it is not provided, a new `Date` object is created.\n\nThe following date string formats are supported:\n\n`YYYY-MM-DD`\n`MM/DD/YYYY`\n`MM/DD/YY` (*)\n`MM/DD` (implies current year)\n\n(*) Implies the current century, unless the result would be more than 50 years in the future, in which case it implies the previous century. This works well for the popular usage of two-digit years. If it bothers you, use four-digit years!\n\n### `launder.time(t, def)`\n\nConverts `t` to a time string in `HH:MM:SS` format, such as `16:30:00`.\n\nThe following formats are accepted:\n\n`16:30:00`\n`16:30`\n`16`\n`1pm`\n`2:37am`\n`2:37:12am`\n`2PM` (case insensitive, in general)\n`2p` (`m` is optional)\n`2 pm` (spaces don't matter)\n`4:30a`\n\nIf `launder.string(t)` returns the empty string, `def` is returned. *If `def` is not provided, the current time is returned.*\n\n### `launder.tags(arr, filter)`\n\nSanitize an array of tags. All strings and numbers in the supplied array are passed through `launder.string`, then through `filter`. If `filter` is not passed, the `filterTag` function provided as an option when configuring `launder` is used. If that option is not passed, the default `filterTag` function is used.\n\nThe default `filterTag` function trims whitespace and converts to lowercase.\n\nAny elements which have been laundered to the empty string are discarded.\n\n### `launder.id(s, def)`\n\nSanitize an ID. For our purposes an ID is made up of the characters `A-Z`, `a-z`, `0-9` and `_`. An ID may begin with any of these characters. An ID must contain at least one character. `launder.string` is first used to coerce `s` to a string.\n\nIf any of these criteria are not met, `def` is returned.\n\n### `launder.ids(ids)`\n\nSanitize an array of IDs. Each element is passed through `launder.id`. Any IDs that do not meet the criteria are omitted from the returned array.\n\n## Miscellaneous methods\n\nWe use these a lot in Apostrophe, but they might not feel as relevant for other applications. Use them if you wish!\n\n### `launder.addBooleanFilterCriteria(options, name, criteria, def)`\n\nUse a tri-state filter value such as `'true'`, `'false'`, or `'any'` to build a MongoDB-style query criteria object.\n\n`options[name]` should be a string such as `'true'`, `'false'` or `'any'`.\n\n`criteria[name]` will then be set to `true`, `{ $ne: true }`, or left entirely unset.\n\nAny value accepted by `launder.boolean` is acceptable to specify `true` and `false`. Also, `null` is accepted as a synonym for `'any'`.\n\nIf `def` is not specified, the default behavior is `any`.\n\n### `launder.formatDate(date)`\n\nOutput the given `Date` object in `YYYY-MM-DD` format. This is the canonical date format for Apostrophe.\n\n### `launder.formatTime(date)`\n\nOutput the given `Date` object in `HH:mm:ss` format. This is the canonical time format for Apostrophe.\n\n### `launder.padInteger(i, places)`\n\nPads the specified integer with leading zeroes to ensure it has at least `places` digits and returns the resulting string.\n\n## About ApostropheCMS\n\n`launder` was created for use in ApostropheCMS, an open-source content management system built on Node.js. If you like `launder` you should definitely [check out apostrophecms.org](https://apostrophecms.com). Also be sure to visit us on [github](http://github.com/apostrophecms).\n\n## Support\n\nFeel free to open issues on [github](http://github.com/apostrophecms/launder).\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapostrophecms%2Flaunder","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fapostrophecms%2Flaunder","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fapostrophecms%2Flaunder/lists"}