[{"data":1,"prerenderedAt":245},["ShallowReactive",2],{"term-s\u002Fsanitization":3,"related-s\u002Fsanitization":225},{"id":4,"title":5,"acronym":6,"body":7,"category":205,"description":206,"difficulty":207,"extension":208,"letter":209,"meta":210,"navigation":101,"path":211,"related":212,"seo":219,"sitemap":220,"stem":223,"subcategory":6,"__hash__":224},"terms\u002Fterms\u002Fs\u002Fsanitization.md","Sanitization",null,{"type":8,"value":9,"toc":199},"minimark",[10,15,19,23,26,30,188,192,195],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18],"p",{},"Sanitization is cleaning up user input before using it — stripping out anything dangerous like script tags or SQL commands. Like a kitchen that washes vegetables before cooking. If you display or execute raw user input without sanitizing, you're basically cooking with mud and hoping for the best.",[11,20,22],{"id":21},"real-talk","Real Talk",[16,24,25],{},"Input sanitization transforms user-supplied data to remove or neutralize malicious content before processing or storage. It's a defense against XSS, SQL injection, and command injection. 
For SQL and shell commands, though, sanitization is only a secondary layer — parameterized queries and passing arguments as a list (never a concatenated command string) are the primary defense. Libraries like DOMPurify (client-side) and validator.js (server-side) handle common sanitization tasks.",[11,27,29],{"id":28},"show-me-the-code","Show Me The Code",[31,32,37],"pre",{"className":33,"code":34,"language":35,"meta":36,"style":36},"language-javascript shiki shiki-themes material-theme-lighter material-theme material-theme-palenight","import DOMPurify from 'dompurify';\nimport { escape } from 'validator';\n\n\u002F\u002F Sanitize HTML content before rendering\nconst safeHtml = DOMPurify.sanitize(userHtml);\ndiv.innerHTML = safeHtml;\n\n\u002F\u002F Escape for plain text contexts\nconst safeText = escape(userInput); \u002F\u002F converts \u003C, >, &, ' to HTML entities\n","javascript","",[38,39,40,70,96,103,110,138,156,161,167],"code",{"__ignoreMap":36},[41,42,45,49,53,56,60,64,67],"span",{"class":43,"line":44},"line",1,[41,46,48],{"class":47},"s7zQu","import",[41,50,52],{"class":51},"sTEyZ"," DOMPurify ",[41,54,55],{"class":47},"from",[41,57,59],{"class":58},"sMK4o"," '",[41,61,63],{"class":62},"sfazB","dompurify",[41,65,66],{"class":58},"'",[41,68,69],{"class":58},";\n",[41,71,73,75,78,81,84,87,89,92,94],{"class":43,"line":72},2,[41,74,48],{"class":47},[41,76,77],{"class":58}," {",[41,79,80],{"class":51}," escape",[41,82,83],{"class":58}," }",[41,85,86],{"class":47}," from",[41,88,59],{"class":58},[41,90,91],{"class":62},"validator",[41,93,66],{"class":58},[41,95,69],{"class":58},[41,97,99],{"class":43,"line":98},3,[41,100,102],{"emptyLinePlaceholder":101},true,"\n",[41,104,106],{"class":43,"line":105},4,[41,107,109],{"class":108},"sHwdD","\u002F\u002F Sanitize HTML content before rendering\n",[41,111,113,117,120,123,126,129,133,136],{"class":43,"line":112},5,[41,114,116],{"class":115},"spNyl","const",[41,118,119],{"class":51}," safeHtml ",[41,121,122],{"class":58},"=",[41,124,125],{"class":51}," 
DOMPurify",[41,127,128],{"class":58},".",[41,130,132],{"class":131},"s2Zo4","sanitize",[41,134,135],{"class":51},"(userHtml)",[41,137,69],{"class":58},[41,139,141,144,146,149,151,154],{"class":43,"line":140},6,[41,142,143],{"class":51},"div",[41,145,128],{"class":58},[41,147,148],{"class":51},"innerHTML ",[41,150,122],{"class":58},[41,152,153],{"class":51}," safeHtml",[41,155,69],{"class":58},[41,157,159],{"class":43,"line":158},7,[41,160,102],{"emptyLinePlaceholder":101},[41,162,164],{"class":43,"line":163},8,[41,165,166],{"class":108},"\u002F\u002F Escape for plain text contexts\n",[41,168,170,172,175,177,179,182,185],{"class":43,"line":169},9,[41,171,116],{"class":115},[41,173,174],{"class":51}," safeText ",[41,176,122],{"class":58},[41,178,80],{"class":131},[41,180,181],{"class":51},"(userInput)",[41,183,184],{"class":58},";",[41,186,187],{"class":108}," \u002F\u002F converts \u003C, >, &, ' to HTML entities\n",[11,189,191],{"id":190},"when-youll-hear-this","When You'll Hear This",[16,193,194],{},"\"Sanitize all user input before storing it in the database.\" \u002F \"The comment was sanitized to remove XSS payloads.\"",[196,197,198],"style",{},"html pre.shiki code .s7zQu, html code.shiki .s7zQu{--shiki-light:#39ADB5;--shiki-light-font-style:italic;--shiki-default:#89DDFF;--shiki-default-font-style:italic;--shiki-dark:#89DDFF;--shiki-dark-font-style:italic}html pre.shiki code .sTEyZ, html code.shiki .sTEyZ{--shiki-light:#90A4AE;--shiki-default:#EEFFFF;--shiki-dark:#BABED8}html pre.shiki code .sMK4o, html code.shiki .sMK4o{--shiki-light:#39ADB5;--shiki-default:#89DDFF;--shiki-dark:#89DDFF}html pre.shiki code .sfazB, html code.shiki .sfazB{--shiki-light:#91B859;--shiki-default:#C3E88D;--shiki-dark:#C3E88D}html pre.shiki code .sHwdD, html code.shiki .sHwdD{--shiki-light:#90A4AE;--shiki-light-font-style:italic;--shiki-default:#546E7A;--shiki-default-font-style:italic;--shiki-dark:#676E95;--shiki-dark-font-style:italic}html pre.shiki code .spNyl, html code.shiki 
.spNyl{--shiki-light:#9C3EDA;--shiki-default:#C792EA;--shiki-dark:#C792EA}html pre.shiki code .s2Zo4, html code.shiki .s2Zo4{--shiki-light:#6182B8;--shiki-default:#82AAFF;--shiki-dark:#82AAFF}html .light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html.light .shiki span {color: var(--shiki-light);background: var(--shiki-light-bg);font-style: var(--shiki-light-font-style);font-weight: var(--shiki-light-font-weight);text-decoration: var(--shiki-light-text-decoration);}html .default .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .shiki span {color: var(--shiki-default);background: var(--shiki-default-bg);font-style: var(--shiki-default-font-style);font-weight: var(--shiki-default-font-weight);text-decoration: var(--shiki-default-text-decoration);}html .dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}html.dark .shiki span {color: var(--shiki-dark);background: var(--shiki-dark-bg);font-style: var(--shiki-dark-font-style);font-weight: var(--shiki-dark-font-weight);text-decoration: var(--shiki-dark-text-decoration);}",{"title":36,"searchDepth":72,"depth":72,"links":200},[201,202,203,204],{"id":13,"depth":72,"text":14},{"id":21,"depth":72,"text":22},{"id":28,"depth":72,"text":29},{"id":190,"depth":72,"text":191},"security","Sanitization is cleaning up user input before using it — stripping out anything dangerous like script tags or SQL commands.","beginner","md","s",{},"\u002Fterms\u002Fs\u002Fsanitization",[213,214,215,216,217,218],"Input 
Validation","Escape","Encoding","XSS","SQL Injection","OWASP Top 10",{"title":5,"description":206},{"changefreq":221,"priority":222},"weekly",0.7,"terms\u002Fs\u002Fsanitization","03FbqKIChxpkmEtOZdJNH0L8nSClLZl2fsaghg0_yvA",[226,229,232,235,238,242],{"title":215,"path":227,"acronym":6,"category":205,"difficulty":207,"description":228},"\u002Fterms\u002Fe\u002Fencoding","Encoding is converting data into a different format for safe transport or storage — not for security, but to prevent misinterpretation.",{"title":214,"path":230,"acronym":6,"category":205,"difficulty":207,"description":231},"\u002Fterms\u002Fe\u002Fescape","Escaping means converting special characters into their safe equivalents before putting them in HTML, SQL, or a shell command.",{"title":213,"path":233,"acronym":6,"category":205,"difficulty":207,"description":234},"\u002Fterms\u002Fi\u002Finput-validation","Input validation is checking that user input is what you expect before using it.",{"title":218,"path":236,"acronym":6,"category":205,"difficulty":207,"description":237},"\u002Fterms\u002Fo\u002Fowasp-top-10","The OWASP Top 10 is the security industry's greatest hits of web vulnerabilities — the 10 most common, dangerous ways apps get hacked.",{"title":217,"path":239,"acronym":6,"category":205,"difficulty":240,"description":241},"\u002Fterms\u002Fs\u002Fsql-injection","intermediate","SQL injection is when a hacker types SQL code into a text field instead of normal text, and your stupid database runs it.",{"title":216,"path":243,"acronym":216,"category":205,"difficulty":240,"description":244},"\u002Fterms\u002Fx\u002Fxss","XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.",1776518310790]