ldap-sanitizer

Sanitize untrusted user input for LDAP queries

LDAP v3 RFC on DNs

LDAP RFC on Search Filters (queries)

OWASP Escape Chars

DN Escape Chars

https://www.owasp.org/index.php/LDAP_Injection_Prevention_Cheat_Sheet

, \ # + < > ; " =

Filter Escape Chars

https://www.owasp.org/index.php/Preventing_LDAP_Injection_in_Java

Note: NUL char in JS is \0 or \u0000

\ * ( ) NUL

webappsec.org Escape Chars

http://projects.webappsec.org/w/page/13246947/LDAP%20Injection

DN Escape Chars

& ! | = < > , + - " ' ;

Filter Escape Chars

Note: NUL char in JS is \0 or \u0000

( ) \ * / NUL

Questions

Do the following chars need escaping for user input in DNs?

& ! | = ' -

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
README.md		README.md
ldap-sanitizer.js		ldap-sanitizer.js

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

ldap-sanitizer

OWASP Escape Chars

DN Escape Chars

Filter Escape Chars

webappsec.org Escape Chars

DN Escape Chars

Filter Escape Chars

See Also

Questions

About

Releases

Packages

Languages

brycejech/ldap-sanitizer

Folders and files

Latest commit

History

Repository files navigation

ldap-sanitizer

OWASP Escape Chars

DN Escape Chars

Filter Escape Chars

webappsec.org Escape Chars

DN Escape Chars

Filter Escape Chars

See Also

Questions

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages