1. /**
  2. * Sanitizes user input for development purposes.
  3. * This function focuses on basic sanitization and is NOT suitable for production environments.
  4. * It's designed to help identify potential issues during development.
  5. *
  6. * @param {string} input The user input to sanitize.
  7. * @returns {string} The sanitized input.
  8. */
  9. function sanitizeInput(input) {
  10. // 1. Remove HTML tags (basic). More robust libraries exist for production.
  11. input = input.replace(/<[^>]*>/g, "");
  13. // 2. Escape special characters. Important to prevent XSS.
  14. input = input.replace(/&/g, "&amp;");
  15. input = input.replace(/</g, "&lt;");
  16. input = input.replace(/>/g, "&gt;");
  17. input = input.replace(/"/g, "&quot;");
  18. input = input.replace(/'/g, "&#039;");
  20. // 3. Limit length to prevent buffer overflows. Adjust as needed.
  21. if (input.length > 255) {
  22. input = input.substring(0, 255);
  23. }
  25. // 4. Remove control characters (e.g., newline, tab). Helps prevent unexpected behavior.
  26. input = input.replace(/\x00/g, ""); //Null character
  27. input = input.replace(/\x09/g, ""); //Tab
  28. input = input.replace(/\x0A/g, ""); //Newline
  29. input = input.replace(/\x0D/g, ""); //Carriage return
  31. // 5. Basic character filtering - remove potentially harmful characters.
  32. input = input.replace(/[`~]/g, ""); //Remove brackets and tildes
  33. input = input.replace(/\\/g, ""); // Remove backslashes
  35. // Return the sanitized input.
  36. return input;
  37. }

Add your comment