Skip to content

@jsvision/core / sanitize

Function: sanitize()

sanitize(text): string

Defined in: safety/sanitize.ts:35

Remove escape and other terminal-control bytes from untrusted text, returning a string that is safe to write to the terminal.

Stripped: ESC (0x1b) and the two-byte ESC \ String Terminator, BEL (0x07), the single-byte ST (0x9c), all C0 controls (0x00–0x1f) except tab (0x09) and newline (0x0a), and all C1 controls (0x80–0x9f). Printable and valid UTF-8 text (including emoji and other astral characters) passes through unchanged. Pure — it never mutates or logs its input.

Parameters

text

string

Untrusted input (app- or network-supplied).

Returns

string

text with control bytes removed; tab and newline are preserved.

Example

ts
import { sanitize } from '@jsvision/core';

// Only the control bytes are removed. The ESC that armed the color sequence is
// gone, so its parameters render as harmless literal text instead of a command.
sanitize('hi\x1b[31mred\x07');   // => 'hi[31mred'  (ESC + BEL stripped)
sanitize('col1\tcol2\nline2');   // => 'col1\tcol2\nline2'  (tab + newline kept)
sanitize('emoji 🎉 ok');         // => 'emoji 🎉 ok'  (unchanged)