Unveil some Unicode characters that are easily overlooked.
Although univeil can replace characters with a backslash notation,
it is about visibility, not security.
It might protect your terminal emulator from that U+0090 device control,
but it won't care about your database or shell, since most quotes and
backslashes are perfectly visible characters.
(For JSON quotes, try univeil.jsonify.)
Albeit an XML CharRef encoder is included, it usually won't be applied to the predefined entities, as they're perfectly visible. If you need them encoded as well, use xmlunidefuse instead.
- To fix decomposed vs. precomposed characters
(
'o\u0308'='ö'≠'ö'), use String#normalize.
From test.js:
var univeil = require('univeil'), cl = console.log, tmp;
cl(univeil("Hello world!")); //= `Hello world!`
cl(univeil("Hello snowman! ☃")); //= `Hel\u200Blo\u00A0snowman!\u205F☃`
cl(univeil("foo \t \r \n")); //= `foo \u0009 \u000D \u000A`
cl(univeil("\x1B \x7F \xA0 bar")); //= `\u001B \u007F \u00A0 bar`
tmp = '\\,\t,\r,\n,\b,\xA0,\f';
cl(univeil(tmp)); //= `\,\u0009,\u000D,\u000A,\u0008,\u00A0,\u000C`
cl(univeil(tmp, '\xA0\n')); // whitelist
//= `\,\u0009,\u000D,`
//= `,\u0008, ,\u000C`
cl(univeil(tmp, { '\xA0': '<nbsp>', '\n': '<nl>', '': '<?!>' })); // dict
//= `\,<?!>,<?!>,<nl>,<?!>,<nbsp>,<?!>`
cl(univeil(tmp, ' \n\xA0', { '': '' })); // whitelist + dict
//= `\,,,`
//= `,, ,`
cl(univeil(tmp, encodeURIComponent)); // custom translator function
//= `\,%09,%0D,%0A,%08,%C2%A0,%0C`
cl(univeil(tmp, univeil.xmlCharRef)); // some batteries included
//= `\,	, , ,, ,`
// For more variants, see "Custom translations" below.
tmp = [0, 1, 'nbsp=\xA0', 'devCtrl=\x90', { b: true }, null, -2];
cl(univeil.jsonify(tmp));
//= `[0,1,"nbsp=\u00A0","devCtrl=\u0090",{"b":true},null,-2]`
// Special reserved indentation "-1": spaces but no newlines.
cl(univeil.jsonify(tmp, null, -1));
//= `[0, 1, "nbsp=\u00A0", "devCtrl=\u0090", {"b": true}, null, -2]`
tmp = univeil.funcProxy(cl, null, ['/+'], { '\xA0': '<nbsp>' }, ['+/']);
tmp('hello\xA0world'); //= `/+ hello<nbsp>world +/`CLI:
$ head --lines=1 README.md | univeil
\uFEFF
ISC