https://github.com/dwisiswant0/cox
Cox is bluemonday-wrapper to perform a deep-clean and/or sanitization of (nested-)interfaces from HTML to prevent XSS payloads.
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/dwisiswant0/cox
- Owner: dwisiswant0
- License: mit
- Created: 2022-03-07T10:46:06.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-12-29T03:25:24.000Z (almost 3 years ago)
- Last Synced: 2025-04-04T20:51:26.613Z (6 months ago)
- Language: Go
- Homepage:
- Size: 7.81 KB
- Stars: 12
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Funding: .github/FUNDING.yml
- License: LICENSE
README
# cox
Cox is a [bluemonday](https://github.com/microcosm-cc/bluemonday) wrapper that deep-cleans and/or sanitizes HTML in (nested) interfaces to prevent XSS payloads. It sanitizes all fields in the structure and supports fields of _(slice of, and/or just)_ `string` and `byte` types.
## Install
NOTE: Go1.18+ compiler should be installed & configured.
It's fairly simple!
```console
go get -u github.com/dwisiswant0/cox
```
## Usage
You can import `cox` using a basic statement:
```golang
import (
	"github.com/dwisiswant0/cox"
	"github.com/dwisiswant0/cox/policy"
)
```
### Examples
```golang
t := T{/* ... */}
t = cox.Clean[T](t, policy.Strict) // Sanitizing with strict policy, returning to its type
// For pointer, use cox.CleanPtr method.
```
> Kind of policy: `Blank`, `UGC` and `Strict`. See [policy](https://pkg.go.dev/github.com/dwisiswant0/cox/policy).
#### Additional policies
If you want additional policies, you can add some of them as variadic arguments at the end.
```golang
p := bluemonday.NewPolicy()
t := T{/* ... */}
t = cox.Clean[T](t, policy.Blank, p.AllowRelativeURLs(true), p.AllowElements("br", "div", "hr", "p", "span"))
```
> See [bluemonday documentation index](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#pkg-index) as a reference for any methods that support policy returns.
### Workaround
The following is an example of how this library is implemented & works:
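```golang
package main

import (
	"fmt"

	"github.com/dwisiswant0/cox"
	"github.com/dwisiswant0/cox/policy"
)

type Info struct {
	Fname string
	Lname string
	Phone int64
	Notes []string
	Story []byte
}

func main() {
	// Markup in Notes and Story is reconstructed to match the output below.
	i := &Info{
		Fname: "Foo",
		Lname: "Bar",
		Phone: 911,
		Notes: []string{
			"Hello,",
			`world<script>alert("world")</script>!`,
		},
		Story: []byte(`<b>Lorem</b> <i>ipsum</i>.`),
	}

	// Sanitize every string and []byte field with the strict policy.
	i = cox.CleanPtr[Info](i, policy.Strict)

	fmt.Printf("%+v\n", i)
	// Output:
	// &{Fname:Foo Lname:Bar Phone:911 Notes:[Hello, world!] Story:[76 111 114 101 109 32 105 112 115 117 109 46]}
}
```
## Why this name?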
Mbuh, cok!
> F\*ck! Dunno.
## Limitations
Nested types only work for pointers, not structs.
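As an added illustration (not cox's code and not taken from the project), here is a standard-library-only sketch of the general technique a deep sanitizer relies on: walking a value with `reflect` and rewriting every `string`, `[]string` and `[]byte` it reaches. `html.EscapeString` stands in for a bluemonday policy, all type and function names are hypothetical, and unlike the limitation stated above this walker also descends into nested struct values.

```go
package main

import (
	"fmt"
	"html"
	"reflect"
)

// deepClean applies fn to every settable string and []byte reachable from v; maps are not visited.
func deepClean(v reflect.Value, fn func(string) string) {
	switch v.Kind() {
	case reflect.Ptr, reflect.Interface:
		deepClean(v.Elem(), fn) // Elem of a nil value is the zero Value, which matches no case
	case reflect.Struct:
		for i := 0; i < v.NumField(); i++ {
			deepClean(v.Field(i), fn)
		}
	case reflect.String:
		if v.CanSet() { // false for unexported fields and non-addressable values
			v.SetString(fn(v.String()))
		}
	case reflect.Slice:
		if v.Type().Elem().Kind() == reflect.Uint8 && v.CanSet() {
			v.SetBytes([]byte(fn(string(v.Bytes())))) // a []byte is cleaned as one string
		}
		for i := 0; i < v.Len(); i++ { // byte elements match no case, so this is a no-op for []byte
			deepClean(v.Index(i), fn)
		}
	}
}

type Contact struct{ Email string }
type Profile struct {
	Name    string
	Tags    []string
	Bio     []byte
	Primary *Contact // nested pointer
	Backup  Contact  // nested struct value
}

// cleaned runs the walker over constructed sample input containing benign markup.
func cleaned() *Profile {
	p := &Profile{Name: "<b>Foo</b>", Tags: []string{"ok", "<i>x</i>"}, Bio: []byte("<p>hi</p>"),
		Primary: &Contact{Email: "<u>a</u>"}, Backup: Contact{Email: "<u>b</u>"}}
	deepClean(reflect.ValueOf(p), html.EscapeString)
	return p
}

func main() { fmt.Printf("%+v %+v\n", *cleaned(), *cleaned().Primary) }
```

The walker must start from a pointer: fields reached through a struct passed by value are not addressable, so `CanSet` reports false and they are silently left unsanitized.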
## License
**cox** is distributed under MIT. See `LICENSE`.