pan-security
src/components/pan-security.mjs
Security helpers for PAN framework:
- HTTPS enforcement
- XSS prevention
- Input sanitization
- Security best practices
Methods
enforceHTTPS(options, [options.enforce=true], [options.allowedHosts=[]])
Check if running in production and enforce HTTPS
Parameters
| Name | Type | Description |
|---|---|---|
| options | Object | Configuration options |
| [options.enforce=true] | boolean | Whether to enforce HTTPS |
| [options.allowedHosts=[]] | string[] | Hosts exempt from HTTPS (e.g., localhost) |
sanitizeHTML(html)
Sanitize HTML to prevent XSS
Basic implementation - use DOMPurify for production
Parameters
| Name | Type | Description |
|---|---|---|
| html | string | HTML string to sanitize |
Returns
string - Sanitized HTML
safeSetHTML(element, html)
Safe innerHTML setter that sanitizes content
Parameters
| Name | Type | Description |
|---|---|---|
| element | HTMLElement | Element to set content on |
| html | string | HTML content (will be sanitized) |
createTextNode(text)
Create a safe text node (alternative to innerHTML)
Parameters
| Name | Type | Description |
|---|---|---|
| text | string | Text content |
Returns
Text - Text node
createElement(tag, attrs, content)
Safely create an element with attributes
Parameters
| Name | Type | Description |
|---|---|---|
| tag | string | Element tag name |
| attrs | Object | Attributes to set |
| content | string | Text content (not HTML) |
Returns
HTMLElement -
isSafeURL(url)
Validate URL to prevent javascript: and data: schemes
Parameters
| Name | Type | Description |
|---|---|---|
| url | string | URL to validate |
Returns
boolean - True if URL is safe
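One way a scheme check of this kind can be written, as an added example rather than pan-security's own code: it parses the input first and then compares the resolved scheme against an allowlist, so differently cased or whitespace-padded `javascript:` values are judged the way a browser would read them. The names `isSafeURLSketch` and `setSafeHrefSketch`, the allowlist contents and the base `https://app.example/` are assumptions made for the illustration.

```javascript
// Added illustration; not the pan-security source. All names here are hypothetical.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']); // assumed allowlist
const ASSUMED_BASE = 'https://app.example/'; // placeholder origin for relative URLs

// True only when the URL, as the WHATWG parser resolves it, uses an allowed scheme.
function isSafeURLSketch(url, base = ASSUMED_BASE) {
  if (typeof url !== 'string') return false;
  let parsed;
  try {
    // Parsing first means case, surrounding whitespace and embedded tabs/newlines
    // are normalized the same way a browser would before the scheme is compared.
    parsed = new URL(url, base);
  } catch {
    return false; // unparseable input is rejected rather than passed through
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol);
}

// Sets href only for URLs that pass the check; otherwise clears any existing href.
function setSafeHrefSketch(element, href) {
  if (isSafeURLSketch(href)) {
    element.setAttribute('href', href);
    return true;
  }
  element.removeAttribute('href');
  return false;
}

// Constructed sample inputs (not taken from the page).
const SAMPLES = [
  '/account/settings',
  'https://example.org/docs',
  'mailto:ops@example.org',
  'javascript:alert(1)',
  ' JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',
  'data:text/html,<b>hi</b>',
  'http://[bad',
];

// Returns the subset of inputs the check rejects.
function rejected(samples = SAMPLES) {
  return samples.filter((u) => !isSafeURLSketch(u));
}

console.log(rejected());
```

An allowlist of schemes fails closed: a scheme nobody thought to block is rejected by default, which a blocklist of `javascript:` and `data:` alone would not guarantee.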
setSafeHref(element, href)
Safely set element href (for links)
Parameters
| Name | Type | Description |
|---|---|---|
| element | HTMLAnchorElement | Link element |
| href | string | URL to set |
checkCSP()
Check if Content Security Policy is properly configured
Returns
Object - CSP status
initSecurity(options)
Initialize PAN security features
Parameters
| Name | Type | Description |
|---|---|---|
| options | Object | Configuration options |
escapeHTML(text)
Escape HTML special characters
Parameters
| Name | Type | Description |
|---|---|---|
| text | string | Text to escape |
Returns
string - Escaped text
stripHTML(html)
Strip all HTML tags from a string
Parameters
| Name | Type | Description |
|---|---|---|
| html | string | HTML string |
Returns
string - Plain text