sanitize

package module
v1.5.7
Warning

This package is not in the latest version of its module.

Published: May 6, 2026 License: MIT Imports: 7 Imported by: 32

README

🛁  go-sanitize

Lightweight Go library providing robust string sanitization and normalization utilities.



📦 Installation

go-sanitize requires a supported release of Go.

go get -u github.com/mrz1836/go-sanitize

💡 Usage

Here is a basic example of how to use go-sanitize in your Go project:

package main

import (
	"fmt"

	"github.com/mrz1836/go-sanitize"
)

func main() {
	// Sanitize a string to remove unwanted characters
	input := "Hello, World! @2025"
	sanitized := sanitize.AlphaNumeric(input, false) // true to keep spaces

	// Output: "Sanitized String: HelloWorld2025"
	fmt.Println("Sanitized String:", sanitized)
}
  • Explore additional usage examples for practical integration patterns
  • Review benchmark results to assess performance characteristics
  • Examine the comprehensive test suite for validation and coverage
  • Fuzz tests are available to ensure robustness against unexpected inputs

📚 Documentation

View the generated documentation

Heads up! go-sanitize is intentionally light on dependencies. The only external package it uses is the excellent testify suite—and that's just for our tests. You can drop this library into your projects without dragging along extra baggage.


Features
  • Alpha and alphanumeric sanitization with optional spaces
  • Bitcoin and Bitcoin Cash address sanitizers
  • Custom regular expression helper for arbitrary patterns
  • Precompiled regex sanitizer for repeated patterns
  • Decimal, domain, email and IP address normalization
  • HTML and XML stripping with script removal
  • URI, URL and XSS sanitization
Functions
  • Alpha: Remove non-alphabetic characters, optionally keep spaces
  • AlphaNumeric: Remove non-alphanumeric characters, optionally keep spaces
  • BitcoinAddress: Filter input to valid Bitcoin address characters
  • BitcoinCashAddress: Filter input to valid Bitcoin Cash address characters
  • Custom: Use a custom regex to filter input (legacy)
  • CustomCompiled: Use a precompiled custom regex to filter input (suggested)
  • Decimal: Keep only decimal or float characters
  • Domain: Sanitize domain, optionally preserving case and removing www
  • Email: Normalize an email address
  • FirstToUpper: Capitalize the first letter of a string
  • FormalName: Keep only formal name characters
  • HTML: Strip HTML tags
  • IPAddress: Return sanitized and valid IPv4 or IPv6 address
  • Numeric: Remove all but numeric digits
  • PhoneNumber: Keep digits and plus signs for phone numbers
  • PathName: Sanitize to a path-friendly name
  • Punctuation: Allow letters, numbers and basic punctuation
  • ScientificNotation: Keep characters valid in scientific notation
  • Scripts: Remove scripts, iframe and object tags
  • SingleLine: Replace line breaks and tabs with spaces
  • Time: Keep only valid time characters
  • URI: Keep characters allowed in a URI
  • URL: Keep characters allowed in a URL
  • XML: Strip XML tags
  • XSS: Remove common XSS attack strings

Additional Documentation & Repository Management
Development Setup (Getting Started)

Install MAGE-X build tool for development:

# Install MAGE-X for development and building
go install github.com/mrz1836/mage-x/cmd/magex@latest
magex update:install
Library Deployment

This project uses goreleaser for streamlined binary and library deployment to GitHub. To get started, install it via:

brew install goreleaser

The release process is defined in the .goreleaser.yml configuration file.

Then create and push a new Git tag using:

magex version:bump bump=patch push

This process ensures consistent, repeatable releases with properly versioned artifacts and citation metadata.

Build Commands

View all build commands

magex help
GitHub Workflows

All workflows are driven by modular configuration in .github/env/ — no YAML editing required.

View all workflows and the control center →

Updating Dependencies

To update all dependencies (Go modules, linters, and related tools), run:

magex deps:update

This command ensures all dependencies are brought up to date in a single step, including Go modules and any managed tools. It is the recommended way to keep your development environment and CI in sync with the latest versions.


🧪 Examples & Tests

All unit tests and fuzz tests run via GitHub Actions and use Go version 1.18.x. View the configuration file.

Run all tests (fast):

magex test

Run all tests with race detector (slower):

magex test:race

⚡ Benchmarks

Run the Go benchmarks:

magex bench

Benchmark Results

Benchmark                 Iterations    ns/op      B/op   allocs/op
Alpha                     14,018,806    84.89      24     1
Alpha_WithSpaces          12,664,946    94.25      24     1
AlphaNumeric              9,161,546     130.6      32     1
AlphaNumeric_WithSpaces   7,978,879     150.8      32     1
BitcoinAddress            8,843,929     137.1      48     1
BitcoinCashAddress        5,892,612     196.2      48     1
Custom (Legacy)           938,733       1,249.0    913    16
CustomCompiled            1,576,502     762.3      96     5
Decimal                   16,285,825    73.91      24     1
Domain                    4,784,115     251.6      176    3
Domain_PreserveCase       5,594,325     213.9      160    2
Domain_RemoveWww          4,771,556     251.0      176    3
Email                     8,380,172     144.2      48     2
Email_PreserveCase        13,468,302    90.06      24     1
FirstToUpper              57,342,418    20.60      16     1
FormalName                14,557,754    83.12      24     1
HTML                      2,558,787     468.5      48     3
IPAddress                 11,388,638    102.7      32     2
IPAddress_IPV6            3,434,715     350.9      96     2
Numeric                   22,661,516    52.92      16     1
PhoneNumber               17,502,224    68.84      24     1
PathName                  13,881,150    86.58      24     1
Punctuation               7,377,070     162.3      48     1
ScientificNotation        19,399,621    61.62      24     1
Scripts                   2,060,790     580.6      16     1
SingleLine                9,777,549     123.5      32     1
Time                      21,270,655    55.92      16     1
URI                       9,005,937     133.4      32     1
URL                       8,989,400     135.2      32     1
XML                       4,351,617     275.7      48     3
XSS                       3,302,917     362.9      40     2

These are performance benchmarks for the core functions in this library, executed on an Apple M1 Max (ARM64). As the table shows, most functions run in well under a microsecond with one to three small allocations per call.


🛠️ Code Standards

Read more about this Go project's code standards.


🤖 AI Usage & Assistant Guidelines

Read the AI Usage & Assistant Guidelines for details on how AI is used in this project and how to interact with the AI assistants.


👥 Maintainers

MrZ

🤝 Contributing

View the contributing guidelines and please follow the code of conduct.

How can I help?

All kinds of contributions are welcome 🙌! The most basic way to show your support is to star 🌟 the project, or to raise issues 💬. You can also support this project by becoming a sponsor on GitHub 👏 or by making a bitcoin donation to ensure this journey continues indefinitely! 🚀



📝 License

License

Documentation

Overview

Package sanitize (go-sanitize) implements a simple library of various sanitization methods for data transformation.

This package provides a collection of functions to sanitize and transform different types of data, such as strings, URLs, email addresses, and more. It is designed to help developers clean and format input data to ensure it meets specific criteria and is safe for further processing.

Features:

  • Sanitize alpha and alphanumeric characters
  • Sanitize Bitcoin and Bitcoin Cash addresses
  • Custom regex-based sanitization
  • Sanitize decimal numbers and scientific notation
  • Sanitize domain names, email addresses, and IP addresses
  • Remove HTML/XML tags and scripts
  • Sanitize URIs and URLs
  • Handle XSS attack strings

Usage: To use this package, import it and call the desired sanitization function with the input data. Each function is documented with examples in the `sanitize_example_test.go` file.

If you have any suggestions or comments, please feel free to open an issue on this project's GitHub page.

Constants

This section is empty.

Variables

var ErrNilRegexp = errors.New("regular expression cannot be nil")

ErrNilRegexp indicates that a nil regular expression was provided.

Functions

func Alpha

func Alpha(original string, spaces bool) string

Alpha returns a string containing only Unicode alphabetic characters from the input. Optionally, it preserves spaces if the `spaces` parameter is set to true. All non-alphabetic characters (and spaces, if not preserved) are removed. This function supports Unicode letters (IsLetter) and is useful for sanitizing names or text fields where only letters (and optional spaces) are allowed.

Parameters:

  • original: The input string to be sanitized.
  • spaces: If true, spaces are preserved in the output; otherwise, they are removed.

Returns:

  • A sanitized string containing only Unicode alphabetic characters and, optionally, spaces.

Example:

input := "Hello, 世界! 123"
result := sanitize.Alpha(input, true)
fmt.Println(result) // Output: "Hello 世界 " (the space before the removed "123" is kept)

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleAlpha example using Alpha() and no spaces flag

fmt.Println(sanitize.Alpha("Example String!", false))
Output:
ExampleString
Example (WithSpaces)

ExampleAlpha_withSpaces example using Alpha with a space flag

fmt.Println(sanitize.Alpha("Example String!", true))
Output:
Example String

func AlphaNumeric

func AlphaNumeric(original string, spaces bool) string

AlphaNumeric returns a string containing only Unicode alphanumeric characters from the input. Optionally, it preserves spaces if the `spaces` parameter is set to true. All non-alphanumeric characters (and spaces, if not preserved) are removed. This function supports Unicode letters and digits, making it suitable for sanitizing user input, filenames, or any text where only letters, numbers, and optional spaces are allowed.

Parameters:

  • original: The input string to be sanitized.
  • spaces: If true, spaces are preserved in the output; otherwise, they are removed.

Returns:

  • A sanitized string containing only Unicode alphanumeric characters and, optionally, spaces.

Example:

input := "Hello, 世界! 123"
result := sanitize.AlphaNumeric(input, true)
fmt.Println(result) // Output: "Hello 世界 123"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleAlphaNumeric example using AlphaNumeric() with no spaces

fmt.Println(sanitize.AlphaNumeric("Example String 2!", false))
Output:
ExampleString2
Example (WithSpaces)

ExampleAlphaNumeric_withSpaces example using AlphaNumeric() with spaces

fmt.Println(sanitize.AlphaNumeric("Example String 2!", true))
Output:
Example String 2

func BitcoinAddress added in v1.0.5

func BitcoinAddress(original string) string

BitcoinAddress returns a sanitized string containing only valid characters for a Bitcoin address. This function removes any characters that are not part of the accepted Bitcoin address format.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid Bitcoin address characters.

Example:

input := "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa!@#"
result := sanitize.BitcoinAddress(input)
fmt.Println(result) // Output: "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleBitcoinAddress example using BitcoinAddress()

fmt.Println(sanitize.BitcoinAddress(":1K6c7LGpdB8LwoGNVfG51dRV9UUEijbrWs!"))
Output:
1K6c7LGpdB8LwoGNVfG51dRV9UUEijbrWs

func BitcoinCashAddress added in v1.0.6

func BitcoinCashAddress(original string) string

BitcoinCashAddress returns a sanitized string containing only valid characters for a Bitcoin Cash address (cashaddr format). This function removes any characters that are not part of the accepted Bitcoin Cash address format.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid Bitcoin Cash address characters.

Example:

input := "bitcoincash:qpm2qsznhks23z7629mms6s4cwef74vcwvy22gdx6a!@#"
result := sanitize.BitcoinCashAddress(input)
fmt.Println(result) // Output: "bitcoincash:qpm2qsznhks23z7629mms6s4cwef74vcwvy22gdx6a"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

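ExampleBitcoinCashAddress example for a `cashaddr` string. Note that the call shown is BitcoinAddress(), not BitcoinCashAddress(), which is why the characters 0 and l (not part of the Bitcoin Base58 alphabet) are missing from the output.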

fmt.Println(sanitize.BitcoinAddress("qze7yy2au5vuznvn8lzj5y0j5t066vhs75e3m0eptz!"))
Output:
qze7yy2au5vuznvn8zj5yj5t66vhs75e3meptz

func Custom

func Custom(original, regExp string) string

Custom uses a custom regex string and returns the sanitized result. This function allows for flexible sanitization based on user-defined regular expressions. It panics if the provided regular expression cannot be compiled successfully.

Parameters:

  • original: The input string to be sanitized.
  • regExp: A string representing the custom regular expression to be used for sanitization.

Returns:

  • A sanitized string based on the provided regular expression.

Example:

input := "Hello, World! 123"
customRegExp := `[^a-zA-Z\s]`
result := sanitize.Custom(input, customRegExp)
fmt.Println(result) // Output: "Hello World " (the space before the removed "123" is kept)

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleCustom example using Custom() using an alpha regex

fmt.Println(sanitize.Custom("Example String 2!", `[^a-zA-Z]`))
Output:
ExampleString
Example (Numeric)

ExampleCustom_numeric example using Custom() using a numeric regex

fmt.Println(sanitize.Custom("Example String 2!", `[^0-9]`))
Output:
2

func CustomCompiled added in v1.4.0

func CustomCompiled(original string, re *regexp.Regexp) (string, error)

CustomCompiled returns a sanitized string using a pre-compiled regular expression. This function provides better performance when the same pattern is reused across multiple calls. If the provided regular expression is nil, an error is returned.

Parameters:

  • original: The input string to be sanitized.
  • re: A compiled regular expression used for sanitization.

Returns:

  • A sanitized string based on the provided regular expression.
  • An error if the regular expression is nil.

Example:

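input := "Hello, World! 123"
customRegExp := regexp.MustCompile(`[^a-zA-Z\s]`)
result, err := sanitize.CustomCompiled(input, customRegExp) // returns (string, error)
if err != nil {
    log.Fatal(err)
}
fmt.Println(result) // Output: "Hello World " (the space before the removed "123" is kept)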

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleCustomCompiled example using CustomCompiled with an alpha regex

re := regexp.MustCompile(`[^a-zA-Z]`)
result, err := sanitize.CustomCompiled("Example String 2!", re)
fmt.Println(result, err)
Output:
ExampleString <nil>

func Decimal

func Decimal(original string) string

Decimal returns a sanitized string containing only decimal/float values, including positive and negative numbers. This function removes any characters that are not part of the accepted decimal format and validates that decimal points and minus signs are placed correctly to form valid numeric strings.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid decimal/float values.

Example:

input := "The price is -123.45 USD"
result := sanitize.Decimal(input)
fmt.Println(result) // Output: "-123.45"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleDecimal example using Decimal() for a positive number

fmt.Println(sanitize.Decimal("$ 99.99!"))
Output:
99.99
Example (Negative)

ExampleDecimal_negative example using Decimal() for a negative number

fmt.Println(sanitize.Decimal("$ -99.99!"))
Output:
-99.99

func Domain

func Domain(original string, preserveCase, removeWww bool) (string, error)

Domain returns a properly formatted hostname or domain name. This function can preserve the case of the original input or convert it to lowercase, and optionally remove the "www" subdomain.

Parameters:

  • original: The input string to be sanitized.
  • preserveCase: A boolean flag indicating whether to preserve the case of the original input.
  • removeWww: A boolean flag indicating whether to remove the "www" subdomain.

Returns:

  • A sanitized string containing a valid hostname or domain name.
  • An error if the URL parsing fails.

Example:

input := "www.Example.com"
result, err := sanitize.Domain(input, false, true)
if err != nil {
    log.Fatal(err)
}
fmt.Println(result) // Output: "example.com"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleDomain example using Domain()

fmt.Println(sanitize.Domain("https://www.Example.COM/?param=value", false, false))
Output:
www.example.com <nil>
Example (PreserveCase)

ExampleDomain_preserveCase example using Domain() and preserving the case

fmt.Println(sanitize.Domain("https://www.Example.COM/?param=value", true, false))
Output:
www.Example.COM <nil>
Example (RemoveWww)

ExampleDomain_removeWww example using Domain() and removing the www subdomain

fmt.Println(sanitize.Domain("https://www.Example.COM/?param=value", false, true))
Output:
example.com <nil>

func Email

func Email(original string, preserveCase bool) string

Email returns a sanitized email address string. The address is forced to lowercase by default, and any MailTo prefix (matched case-insensitively) is removed.

Parameters:

  • original: The input string to be sanitized.
  • preserveCase: A boolean flag indicating whether to preserve the case of the original input.

Returns:

  • A sanitized string containing a valid email address.

Example:

input := "MailTo:Example@DOMAIN.com"
result := sanitize.Email(input, false)
fmt.Println(result) // Output: "example@domain.com"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleEmail example using Email()

fmt.Println(sanitize.Email("mailto:Person@Example.COM", false))
Output:
person@example.com
Example (PreserveCase)

ExampleEmail_preserveCase example using Email() and preserving the case

fmt.Println(sanitize.Email("mailto:Person@Example.COM", true))
Output:
Person@Example.COM

func FirstToUpper

func FirstToUpper(original string) string

FirstToUpper returns a copy of the input string with the first Unicode letter converted to its uppercase form, leaving the rest of the string unchanged. If the input is empty, it returns an empty string. If the input is a single character, it returns the uppercase version of that character. This function supports multibyte (UTF-8) characters and is useful for capitalizing names, titles, or any string where only the first character should be uppercased.

Parameters:

  • original: The input string to be processed.

Returns:

  • A string with the first character uppercased and the remainder unchanged.

Example:

input := "hello world"
result := sanitize.FirstToUpper(input)
fmt.Println(result) // Output: "Hello world"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleFirstToUpper example using FirstToUpper()

fmt.Println(sanitize.FirstToUpper("this works"))
Output:
This works

func FormalName

func FormalName(original string) string

FormalName returns a sanitized string containing only characters recognized in formal names or surnames. This function removes any characters that are not part of the accepted formal name format, including support for Unicode letters to handle international names properly.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid formal name characters.

Example:

input := "John D'oe, Jr."
result := sanitize.FormalName(input)
fmt.Println(result) // Output: "John D'oe, Jr."

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleFormalName example using FormalName()

fmt.Println(sanitize.FormalName("John McDonald Jr.!"))
Output:
John McDonald Jr.

func HTML

func HTML(original string) string

HTML returns a string without any HTML tags. This function removes all HTML tags from the input string, leaving only the text content.

Parameters:

  • original: The input string containing HTML tags to be sanitized.

Returns:

  • A sanitized string with all HTML tags removed.

Example:

input := "<div>Hello <b>World</b>!</div>"
result := sanitize.HTML(input)
fmt.Println(result) // Output: "Hello World!"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleHTML example using HTML()

fmt.Println(sanitize.HTML("<body>This Works?</body>"))
Output:
This Works?

func IPAddress

func IPAddress(original string) string

IPAddress returns a sanitized IP address string for both IPv4 and IPv6 formats. This function removes any invalid characters from the input string and attempts to parse it as an IP address. If the input string does not contain a valid IP address, an empty string is returned.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing a valid IP address, or an empty string if the input is not a valid IP address.

Example:

input := "192.168.1.1!@#"
result := sanitize.IPAddress(input)
fmt.Println(result) // Output: "192.168.1.1"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleIPAddress example using IPAddress() for IPV4 address

fmt.Println(sanitize.IPAddress(" 192.168.0.1 "))
Output:
192.168.0.1
Example (Ipv6)

ExampleIPAddress_ipv6 example using IPAddress() for IPV6 address

fmt.Println(sanitize.IPAddress(" 2602:305:bceb:1bd0:44ef:fedb:4f8f:da4f "))
Output:
2602:305:bceb:1bd0:44ef:fedb:4f8f:da4f

func Numeric

func Numeric(original string) string

Numeric returns a string containing only numeric characters (0-9) from the input. All non-digit characters are removed. This function supports Unicode digit runes and is useful for extracting numbers from user input, phone numbers, IDs, or any text where only digits should be retained.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A string containing only numeric characters.

Example:

input := "Phone: 123-456-7890 ext. 42"
result := sanitize.Numeric(input)
fmt.Println(result) // Output: "123456789042"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleNumeric example using Numeric()

fmt.Println(sanitize.Numeric("This:123 + 90!"))
Output:
12390

func PathName

func PathName(original string) string

PathName returns a sanitized string suitable for use as a file or directory name. It removes any characters that are not ASCII letters (a-z, A-Z), digits (0-9), hyphens (-), or underscores (_), ensuring the result is safe for use as a path component on most filesystems. This function is useful for normalizing user input, generating safe filenames, or cleaning up strings for use in file paths.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid path name characters.

Example:

input := "file:name/with*invalid|chars"
result := sanitize.PathName(input)
fmt.Println(result) // Output: "filenamewithinvalidchars"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExamplePathName example using PathName()

fmt.Println(sanitize.PathName("/This-Works_Now-123/!"))
Output:
This-Works_Now-123

func PhoneNumber added in v1.4.2

func PhoneNumber(original string) string

PhoneNumber returns a sanitized string containing only numeric digits and the plus sign (+).

This function is useful for normalizing phone numbers by stripping away characters like spaces, dashes, parentheses, and extensions while preserving any leading international prefix.

Parameters:

  • original: The input string representing a phone number to be sanitized.

Returns:

  • A sanitized phone number consisting solely of digits and plus signs.

Example:

input := "+1 (234) 567-8900"
result := sanitize.PhoneNumber(input)
fmt.Println(result) // Output: "+12345678900"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExamplePhoneNumber example using PhoneNumber()

fmt.Println(sanitize.PhoneNumber("+1 (234) 567-8900"))
Output:
+12345678900

func Punctuation

func Punctuation(original string) string

Punctuation returns a sanitized string containing only alphanumeric characters and common punctuation. It removes any characters that are not Unicode letters, digits, or standard punctuation marks such as hyphens (-), apostrophes ('), double quotes ("), hash (#), ampersand (&), exclamation mark (!), question mark (?), comma (,), period (.), or whitespace. This function is useful for cleaning user input, preserving readable punctuation in sentences, or preparing text for display where only basic punctuation is allowed.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only alphanumeric characters and common punctuation.

Example:

input := "Hello, World! How's it going? (Good, I hope.) @2024"
result := sanitize.Punctuation(input)
fmt.Println(result) // Output: "Hello, World! How's it going? Good, I hope. 2024"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExamplePunctuation example using Punctuation()

fmt.Println(sanitize.Punctuation(`[@"Does" 'this' work?@] this too`))
Output:
"Does" 'this' work? this too

func ScientificNotation added in v1.3.1

func ScientificNotation(original string) string

ScientificNotation returns a sanitized string containing only valid characters for scientific notation. This function removes any characters that are not part of the accepted scientific notation format, including digits (0-9), decimal points, and the characters 'e', 'E', '+', and '-'.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid scientific notation characters.

Example:

input := "The value is 1.23e+10 and 4.56E-7."
result := sanitize.ScientificNotation(input)
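fmt.Println(result) // Output: "ee1.23e+104.56E-7." (the letter e in "The" and "value" and the final period are allowed characters, so they are kept)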

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleScientificNotation example using ScientificNotation() for a positive number

fmt.Println(sanitize.ScientificNotation("$ 1.096e-3!"))
Output:
1.096e-3

func Scripts

func Scripts(original string) string

Scripts removes all script, iframe, embed, and object tags from the input string. This function is designed to sanitize input by removing potentially harmful tags that can be used for cross-site scripting (XSS) attacks or other malicious purposes.

Parameters:

  • original: The input string containing HTML or script tags to be sanitized.

Returns:

  • A sanitized string with all script, iframe, embed, and object tags removed.

Example:

input := "<script>alert('test');</script><iframe src='example.com'></iframe>"
result := sanitize.Scripts(input)
fmt.Println(result) // Output: "" (both elements are removed together with their contents)

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleScripts example using Scripts()

fmt.Println(sanitize.Scripts(`Does<script>This</script>Work?`))
Output:
DoesWork?

func SingleLine

func SingleLine(original string) string

SingleLine returns a sanitized version of the input string as a single line of text. It replaces all carriage returns (`\r`), line feeds (`\n`), tabs (`\t`), vertical tabs (`\v`), and form feeds (`\f`) with a single space character, effectively flattening multi-line or formatted input into a single line. This is useful for normalizing user input, log entries, or any text that should not contain line breaks or special whitespace.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A single-line string with all line breaks and special whitespace replaced by spaces.

Example:

input := "This is a\nmulti-line\tstring."
result := sanitize.SingleLine(input)
fmt.Println(result) // Output: "This is a multi-line string."

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleSingleLine example using SingleLine()

fmt.Println(sanitize.SingleLine(`Does
This
Work?`))
Output:
Does This Work?

func Time

func Time(original string) string

Time returns just the time part of the string. This function removes any characters that are not valid in a time format (HH:MM or HH:MM:SS), ensuring the resulting string contains only valid time characters.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid time characters.

Example:

input := "t00:00d -EST"
result := sanitize.Time(input)
fmt.Println(result) // Output: "00:00"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleTime example using Time()

fmt.Println(sanitize.Time(`Time 01:02:03!`))
Output:
01:02:03
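
The ScientificNotation and Time filters above only remove characters, so their result can still be an invalid value: the documented input "The value is 1.23e+10 and 4.56E-7." keeps every e, digit and period and is not a number. The following added example, which is not part of go-sanitize, pairs the filter with a parse step; `keepOnly`, `ParseScientific`, `ParseClock` and `ErrNotValid` are hypothetical names, and `keepOnly` is a stand-in built from the character sets this page lists so the code runs with the standard library alone.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Allowed character sets, taken from the descriptions on this page.
const (
	sciChars  = "0123456789.eE+-" // ScientificNotation: digits, '.', 'e', 'E', '+', '-'
	timeChars = "0123456789:"     // Time: assumed to be digits and ':' (HH:MM or HH:MM:SS)
)

// ErrNotValid reports that the filtered text is not a usable value.
var ErrNotValid = errors.New("filtered value is not valid")

// keepOnly drops every rune that is not in allowed. It is a stand-in for the
// library's character filters, not go-sanitize's implementation.
func keepOnly(s, allowed string) string {
	return strings.Map(func(r rune) rune {
		if strings.ContainsRune(allowed, r) {
			return r
		}
		return -1 // a negative value tells strings.Map to drop the rune
	}, s)
}

// ParseScientific filters untrusted text, then requires the result to parse
// as a float64. It returns the value and the filtered text for logging.
func ParseScientific(untrusted string) (float64, string, error) {
	kept := keepOnly(untrusted, sciChars)
	f, err := strconv.ParseFloat(kept, 64)
	if err != nil {
		// Covers syntax errors ("ee1.23e+10...") and out-of-range exponents.
		return 0, kept, fmt.Errorf("%w: %q", ErrNotValid, kept)
	}
	return f, kept, nil
}

// ParseClock filters untrusted text, then requires HH:MM:SS or HH:MM with
// in-range fields. "99:99" passes the character filter but fails here.
func ParseClock(untrusted string) (time.Time, string, error) {
	kept := keepOnly(untrusted, timeChars)
	for _, layout := range []string{"15:04:05", "15:04"} {
		if t, err := time.Parse(layout, kept); err == nil {
			return t, kept, nil
		}
	}
	return time.Time{}, kept, fmt.Errorf("%w: %q", ErrNotValid, kept)
}

func main() {
	// The first two inputs are this page's own examples.
	for _, in := range []string{"$ 1.096e-3!", "The value is 1.23e+10 and 4.56E-7."} {
		f, kept, err := ParseScientific(in)
		fmt.Printf("sci  in=%q kept=%q value=%v err=%v\n", in, kept, f, err)
	}
	// The last input is constructed for this example.
	for _, in := range []string{"Time 01:02:03!", "t00:00d -EST", "see you at 99:99"} {
		t, kept, err := ParseClock(in)
		fmt.Printf("time in=%q kept=%q value=%s err=%v\n", in, kept, t.Format("15:04:05"), err)
	}
}
```
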

func URI

func URI(original string) string

URI returns a sanitized string containing only valid URI characters from the input. It removes any characters that are not allowed in URIs, including only Unicode letters, digits, dashes (-), underscores (_), slashes (/), question marks (?), ampersands (&), equals signs (=), hashes (#), and percent signs (%). This function is useful for cleaning user input, query strings, or any text that should conform to URI formatting rules.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid URI characters.

Example:

input := "Test?=what! &this=that"
result := sanitize.URI(input)
fmt.Println(result) // Output: "Test?=what&this=that"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleURI example using URI()

fmt.Println(sanitize.URI("/This/Works?^No&this"))
Output:
/This/Works?No&this

func URL

func URL(original string) string

URL returns a sanitized, URL-friendly string containing only valid URL characters. It removes any characters that are not allowed in URLs, preserving only Unicode letters, digits, dashes (-), underscores (_), slashes (/), colons (:), periods (.), commas (,), question marks (?), ampersands (&), at signs (@), equals signs (=), hashes (#), and percent signs (%). This function is useful for cleaning user input, constructing safe URLs, or normalizing strings for use in web addresses, query parameters, or file paths.

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string containing only valid URL characters.

Example:

input := "https://Example.com/This/Works?^No&this"
result := sanitize.URL(input)
fmt.Println(result) // Output: "https://Example.com/This/Works?No&this"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleURL example using URL()

fmt.Println(sanitize.URL("https://Example.com/This/Works?^No&this"))
Output:
https://Example.com/This/Works?No&this

func XML

func XML(original string) string

XML returns a string without any XML tags. This function removes all XML tags from the input string, leaving only the text content. It is an alias for the HTML function, which performs the same operation.

Parameters:

  • original: The input string containing XML tags to be sanitized.

Returns:

  • A sanitized string with all XML tags removed.

Example:

input := `<?XML version="1.0" encoding="UTF-8"?><note>Something</note>`
result := sanitize.XML(input)
fmt.Println(result) // Output: "Something"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleXML example using XML()

fmt.Println(sanitize.XML("<xml>This?</xml>"))
Output:
This?

func XSS

func XSS(original string) string

XSS removes known XSS attack strings or script strings. This function sanitizes the input string by removing common XSS attack vectors, such as script tags, eval functions, and JavaScript protocol handlers.

WARNING: this is NOT a comprehensive XSS prevention solution.

For a more robust approach, use a library like `github.com/microcosm-cc/bluemonday`:

import "github.com/microcosm-cc/bluemonday"

func SafeHTML(unsafe string) string {
	p := bluemonday.UGCPolicy() // or build your own allow-list
	return p.Sanitize(unsafe)
}

Parameters:

  • original: The input string to be sanitized.

Returns:

  • A sanitized string with known XSS attack vectors removed.

Example:

input := "<script>alert('test');</script>"
result := sanitize.XSS(input)
fmt.Println(result) // Output: ">alert('test');</"

See more usage examples in the `sanitize_example_test.go` file. See the benchmarks in the `sanitize_benchmark_test.go` file. See the fuzz tests in the `sanitize_fuzz_test.go` file.

Example

ExampleXSS example using XSS()

fmt.Println(sanitize.XSS("<script>This?</script>"))
Output:
>This?</
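
XSS() strips known strings, but its own example output `>alert('test');</` still carries markup characters, so the value also needs escaping where it is written into a page. This added example (not go-sanitize or bluemonday code) uses the standard library's html/template contextual escaping for text, attribute and href positions; the `comment` struct, the template and `render` are hypothetical.

```go
package main

import (
	"fmt"
	"html/template"
	"strings"
)

// comment holds untrusted fields (hypothetical type for this example).
type comment struct {
	Author string // written into an attribute value
	Body   string // written as element text
	Link   string // written into an href
}

// html/template picks the escaper from the position of each action:
// attribute value, element text, and URL attribute respectively.
var commentTmpl = template.Must(template.New("comment").Parse(
	`<p title="{{.Author}}">{{.Body}}</p><a href="{{.Link}}">profile</a>`))

// render returns the escaped HTML for one comment.
func render(c comment) (string, error) {
	var b strings.Builder
	if err := commentTmpl.Execute(&b, c); err != nil {
		return "", err
	}
	return b.String(), nil
}

func main() {
	samples := []comment{
		// Body is the documented output of XSS() for this page's example input.
		{Author: "alice", Body: ">alert('test');</", Link: "https://example.com/u/42"},
		// Body is this page's unsanitized example input; Author and Link are
		// constructed values showing attribute escaping and URL scheme filtering.
		{Author: `Tom "T" O'Neil`, Body: "<script>alert('test');</script>", Link: "javascript:alert('test')"},
	}
	for _, c := range samples {
		out, err := render(c)
		if err != nil {
			fmt.Println("render error:", err)
			continue
		}
		fmt.Println(out)
	}
}
```

In the second sample the href is replaced with the package's `#ZgotmplZ` placeholder because the scheme is not an allowed one, and the script tags reach the page only as inert text.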

Types

This section is empty.

Directories

Path Synopsis
Package main demonstrates all functions of the sanitize package.