sanitizer

package

v0.6.1 Latest Latest Go to latest Published: Nov 15, 2024 License: Apache-2.0 Imports: 3 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/darkrockmountain/gomail

Links

Open Source Insights

Documentation ¶

Overview ¶

Package sanitizer provides interfaces and default implementations for sanitizing email content.

Overview ¶

The sanitizer package defines an interface for content sanitization and provides default implementations for sanitizing plain text and HTML content. This allows for flexible and customizable content sanitization in the gomail project.

Usage ¶

To use the sanitizer package, you can either use the provided default implementations or create your own custom implementations of the Sanitizer interface and set them in the EmailMessage struct.

Example:

import (
    "github.com/darkrockmountain/gomail/sanitizer"
    "github.com/darkrockmountain/gomail/common"
	"html"
	"strings"
)

func main() {
    email := common.NewEmailMessage("sender@example.com", []string{"recipient@example.com"}, "Subject", "<p>HTML content</p>")

    customTextSanitizer := sanitizer.SanitizerFunc(func(content string) string {
        // Implement your custom sanitizer logic
        return strings.ToLower(strings.TrimSpace(content))
    })

    customHtmlSanitizer := sanitizer.SanitizerFunc(func(content string) string {
        // Implement your custom sanitizer logic
        return html.EscapeString(content)
    })

    email.SetCustomTextSanitizer(customTextSanitizer)
    email.SetCustomHtmlSanitizer(customHtmlSanitizer)
}

The sanitizer package is designed to be used in conjunction with the gomail project for flexible email content sanitization.

Index ¶

type Sanitizer
type SanitizerFunc
- func (f SanitizerFunc) Sanitize(message string) string

Examples ¶

SanitizerFunc

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Sanitizer ¶

type Sanitizer interface {
	// Sanitize sanitizes the provided content.
	// Parameters:
	// - content: The content to be sanitized.
	// Returns:
	// - string: The sanitized content.
	Sanitize(content string) string
}

Sanitizer defines a method for sanitizing content. Implement this interface to provide custom sanitization logic for email content.

func DefaultHtmlSanitizer ¶

func DefaultHtmlSanitizer() Sanitizer

DefaultHtmlSanitizer returns the singleton instance of defaultHtmlSanitizer.

defaultHtmlSanitizer provides a basic implementation of the Sanitizer interface for HTML content. It uses the bluemonday library to sanitize HTML content, ensuring that only user-generated content (UGC) is allowed. This helps prevent injection attacks by removing potentially dangerous tags and attributes.

Example:

hs := sanitizer.DefaultHtmlSanitizer()
sanitized := hs.Sanitize("<script>alert('xss')</script><b>Bold</b>")
// sanitized will be "<b>Bold</b>"

func DefaultTextSanitizer ¶

func DefaultTextSanitizer() Sanitizer

DefaultTextSanitizer returns the singleton instance of defaultTextSanitizer.

defaultTextSanitizer provides a basic implementation of the Sanitizer interface for plain text content. It sanitizes plain text content by escaping special characters and trimming whitespace.

Example:

ds := sanitizer.DefaultTextSanitizer()
sanitized := ds.Sanitize(" <script>alert('xss')</script> ")
// sanitized will be "&lt;script&gt;alert(&#39;xss&#39;)&lt;/script&gt;"

func NonSanitizer ¶

func NonSanitizer() Sanitizer

NonSanitizer returns the singleton instance of nonSanitizer.

nonSanitizer is an implementation of the Sanitizer interface that performs no sanitization. It returns the input text unchanged. This can be useful in scenarios where no sanitization is desired.

WARNING: Using nonSanitizer means that the input content will not be sanitized at all. Ensure that this is acceptable for your use case, as it may introduce security risks, such as injection attacks, if user input is not properly handled.

Example:

ns := sanitizer.NonSanitizer()
unsanitized := ns.Sanitize("<script>alert('xss')</script>")
// unsanitized will be "<script>alert('xss')</script>"

type SanitizerFunc ¶

type SanitizerFunc func(message string) string

SanitizerFunc type is an adapter that allows the use of ordinary functions as Sanitizers. If f is a function with the appropriate signature, SanitizerFunc(f) is a Sanitizer that calls f.

Example:

sanitizeFunc := sanitizer.SanitizerFunc(func(message string) string {
    // Implement your custom sanitizer logic
    return strings.ReplaceAll(strings.ToLower(strings.TrimSpace(message)), " ", "_")
})
sanitizedMessage := sanitizeFunc.Sanitize("  some text  ")
// sanitizedMessage will be "some_text"

Example ¶

package main

import (
	"fmt"
	"strings"

	"github.com/darkrockmountain/gomail/sanitizer"
)

func main() {
	sanitizeFunc := sanitizer.SanitizerFunc(func(message string) string {
		// Implement your custom sanitizer logic
		return strings.ReplaceAll(strings.ToLower(strings.TrimSpace(message)), " ", "_")
	})
	sanitizedMessage := sanitizeFunc.Sanitize("  some text  ")
	fmt.Println(sanitizedMessage)
}

Output:

some_text

func (SanitizerFunc) Sanitize ¶

func (f SanitizerFunc) Sanitize(message string) string

Sanitize calls the function f with the given message.

Parameters:

message: The content to be sanitized.

Returns:

string: The sanitized content.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL