Documentation ¶
Overview ¶
Package gosanitizer provides production-grade input sanitization: HTML, SQL, path traversal, null-byte injection, Unicode normalization, struct-tag-driven bulk sanitization, and XSS prevention.
Index ¶
- func AllowURLSchemes(schemes ...string)
- func CollapseWhitespace(s string) string
- func ContainsSQLInjection(s string) bool
- func EscapeHTML(s string) string
- func EscapeSQL(s string) string
- func IsEmail(s string) bool
- func IsPathTraversal(p string) bool
- func IsValidUTF8(s string) bool
- func NormalizeUnicode(s string) string
- func RemoveNullBytes(s string) string
- func Sanitize(v interface{})
- func SanitizeAlphaNum(s string) string
- func SanitizeFilename(s string) string
- func SanitizeForDisplay(s string) string
- func SanitizePath(p string) string
- func SanitizePhone(s string) string
- func SanitizeSlug(s string) string
- func SanitizeURL(raw string) string
- func StripHTML(s string) string
- func TrimWhitespace(s string) string
- func Truncate(s string, maxRunes int) string
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AllowURLSchemes ¶
func AllowURLSchemes(schemes ...string)
AllowURLSchemes overrides the default allowed scheme set.
func CollapseWhitespace ¶
CollapseWhitespace reduces internal runs of whitespace to a single space.
func ContainsSQLInjection ¶
ContainsSQLInjection heuristically detects SQL injection patterns.
func EscapeHTML ¶
EscapeHTML encodes HTML special characters, preventing XSS.
func EscapeSQL ¶
EscapeSQL escapes single quotes and removes obvious SQL injection patterns. Prefer parameterised queries; use this as a last-resort defence-in-depth layer.
func IsPathTraversal ¶
IsPathTraversal reports whether the path contains traversal sequences.
func NormalizeUnicode ¶
NormalizeUnicode converts the string to NFC form and removes control characters.
func RemoveNullBytes ¶
RemoveNullBytes strips null bytes (0x00) from s.
func Sanitize ¶
func Sanitize(v interface{})
Sanitize walks a struct pointer and applies sanitization based on the `sanitize` struct tag. Supported tag values (comma-separated):
- trim – TrimWhitespace
- html – StripHTML
- escape – EscapeHTML
- lower – strings.ToLower
- upper – strings.ToUpper
- slug – SanitizeSlug
- alphanum – SanitizeAlphaNum
- email – TrimWhitespace + lower
- phone – SanitizePhone
- url – SanitizeURL
- filename – SanitizeFilename
- nullbyte – RemoveNullBytes
- collapse – CollapseWhitespace
- display – SanitizeForDisplay
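A sketch of how a tag-driven walker of this kind can work, added here as an example and not gosanitizer's own code: `applyTags`, `ops` and `Signup` are hypothetical names, and four of the tag values are mapped to standard-library stand-ins. The sketch assumes the values in one tag are applied left to right, and it leaves untagged fields untouched.

```go
package main

import (
	"fmt"
	"html"
	"reflect"
	"strings"
)

// ops: standard-library stand-ins for four of the tag values (assumed, not gosanitizer's code).
var ops = map[string]func(string) string{
	"trim":     strings.TrimSpace,
	"lower":    strings.ToLower,
	"escape":   html.EscapeString,
	"nullbyte": func(s string) string { return strings.ReplaceAll(s, "\x00", "") },
}

// applyTags (hypothetical name) rewrites each settable string field of a struct
// pointer according to its `sanitize` tag, applying the listed values left to right.
func applyTags(v interface{}) {
	rv := reflect.Indirect(reflect.ValueOf(v))
	if rv.Kind() != reflect.Struct || !rv.CanAddr() {
		return // only a non-nil pointer to a struct can be modified in place
	}
	for i := 0; i < rv.NumField(); i++ {
		f, tag := rv.Field(i), rv.Type().Field(i).Tag.Get("sanitize")
		if tag == "" || f.Kind() != reflect.String || !f.CanSet() {
			continue // untagged, non-string or unexported fields are left as they are
		}
		s := f.String()
		for _, name := range strings.Split(tag, ",") {
			if op, ok := ops[strings.TrimSpace(name)]; ok {
				s = op(s)
			}
		}
		f.SetString(s)
	}
}

type Signup struct { // constructed sample type; Notes carries no tag
	Email   string `sanitize:"trim,lower"`
	Comment string `sanitize:"nullbyte,trim,escape"`
	Notes   string
}

func main() {
	in := Signup{Email: "  Alice@Example.COM ", Comment: " <b>hi</b>\x00 ", Notes: " raw "}
	applyTags(&in)
	fmt.Printf("%q\n", in)
}
```

Passing the struct by value instead of by pointer changes nothing, because the walker can only write through an addressable value.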
func SanitizeAlphaNum ¶
SanitizeAlphaNum removes all characters that are not letters or digits.
func SanitizeFilename ¶
SanitizeFilename removes characters illegal in file names across all OSes.
func SanitizeForDisplay ¶
SanitizeForDisplay sanitises user content for safe HTML display. It strips tags, escapes HTML entities, and removes event handlers.
func SanitizePath ¶
SanitizePath cleans a file path and prevents directory traversal. The result is always relative (no leading separator) and cannot escape root.
func SanitizePhone ¶
SanitizePhone strips non-phone characters and preserves +, -, (, ), digits, spaces.
func SanitizeSlug ¶
SanitizeSlug removes all characters that are not letters, digits, hyphens, or underscores.
func SanitizeURL ¶
SanitizeURL validates and normalises a URL. Returns an empty string if the URL is malformed or uses a disallowed scheme.
func TrimWhitespace ¶
TrimWhitespace trims all leading/trailing Unicode whitespace.
Types ¶
This section is empty.