@jsvision/core / sanitize
Function: sanitize()
sanitize(
text):string
Defined in: safety/sanitize.ts:35
Remove escape and other terminal-control bytes from untrusted text, returning a string that is safe to write to the terminal.
Stripped: ESC (0x1b) and the two-byte ESC \ String Terminator, BEL (0x07), the single-byte ST (0x9c), all C0 controls (0x00–0x1f) except tab (0x09) and newline (0x0a), and all C1 controls (0x80–0x9f). Printable and valid UTF-8 text (including emoji and other astral characters) passes through unchanged. Pure — it never mutates or logs its input.
Parameters
text
string
Untrusted input (app- or network-supplied).
Returns
string
text with control bytes removed; tab and newline are preserved.
Example
ts
import { sanitize } from '@jsvision/core';
// Only the control bytes are removed. The ESC that armed the color sequence is
// gone, so its parameters render as harmless literal text instead of a command.
sanitize('hi\x1b[31mred\x07'); // => 'hi[31mred' (ESC + BEL stripped)
sanitize('col1\tcol2\nline2'); // => 'col1\tcol2\nline2' (tab + newline kept)
sanitize('emoji 🎉 ok'); // => 'emoji 🎉 ok' (unchanged)