univeil

Unveil some Unicode characters that are easily overlooked.

Security reminder

Although univeil can replace characters with a backslash notation,
it is about visibility, not security.

It might protect your terminal emulator from that U+0090 device control, but it won't care about your database or shell, since most quotes and backslashes are perfectly visible characters. (For JSON quotes, try univeil.jsonify.)

Albeit an XML CharRef encoder is included, it usually won't be applied to the predefined entities, as they're perfectly visible. If you need them encoded as well, use xmlunidefuse instead.

Unicode feature reminders

• To fix decomposed vs. precomposed characters ('o\u0308' = 'ö' ≠ 'ö'), use String#normalize.

Usage

From test.js:

1var univeil = require('univeil'), cl = console.log, tmp;
2cl(univeil("Hello world!"));        //= `Hello world!`
3cl(univeil("Hel​lo snowman! ☃"));    //= `Hel\u200Blo\u00A0snowman!\u205F☃`
4cl(univeil("foo \t \r \n"));        //= `foo \u0009 \u000D \u000A`
5cl(univeil("\x1B \x7F \xA0 bar"));  //= `\u001B \u007F \u00A0 bar`
6
7tmp = '\\,\t,\r,\n,\b,\xA0,\f';
8cl(univeil(tmp));       //= `\,\u0009,\u000D,\u000A,\u0008,\u00A0,\u000C`
9cl(univeil(tmp, '\xA0\n'));   // whitelist
10  //= `\,\u0009,\u000D,`
11  //= `,\u0008, ,\u000C`
12cl(univeil(tmp, { '\xA0': '<nbsp>', '\n': '<nl>', '': '<?!>' }));   // dict
13  //= `\,<?!>,<?!>,<nl>,<?!>,<nbsp>,<?!>`
14cl(univeil(tmp, ' \n\xA0', { '': '' }));  // whitelist + dict
15  //= `\,,,`
16  //= `,, ,`
17cl(univeil(tmp, encodeURIComponent));     // custom translator function
18  //= `\,%09,%0D,%0A,%08,%C2%A0,%0C`
19cl(univeil(tmp, univeil.xmlCharRef));     // some batteries included
20  //= `\,&#9;,&#13;,&#10;,&#8;,&#xA0;,&#12;`
21// For more variants, see "Custom translations" below.
22
23tmp = [0, 1, 'nbsp=\xA0', 'devCtrl=\x90', { b: true }, null, -2];
24cl(univeil.jsonify(tmp));
25  //= `[0,1,"nbsp=\u00A0","devCtrl=\u0090",{"b":true},null,-2]`
26
27// Special reserved indentation "-1": spaces but no newlines.
28cl(univeil.jsonify(tmp, null, -1));
29  //= `[0, 1, "nbsp=\u00A0", "devCtrl=\u0090", {"b": true}, null, -2]`
30
31tmp = univeil.funcProxy(cl, null, ['/+'], { '\xA0': '<nbsp>' }, ['+/']);
32tmp('hello\xA0world');    //= `/+ hello<nbsp>world +/`

CLI:

1$ head --lines=1 README.md | univeil
2\uFEFF

 

License

ISC