feat: replace insensitive terms

README.md

@@ -102,7 +102,7 @@ Validator                               | Description
 **isDecimal(str [, options])**             | check if the string represents a decimal number, such as 0.1, .3, 1.1, 1.00003, 4.0, etc.<br/><br/>`options` is an object which defaults to `{force_decimal: false, decimal_digits: '1,', locale: 'en-US'}`<br/><br/>`locale` determine the decimal separator and is one of `['ar', 'ar-AE', 'ar-BH', 'ar-DZ', 'ar-EG', 'ar-IQ', 'ar-JO', 'ar-KW', 'ar-LB', 'ar-LY', 'ar-MA', 'ar-QA', 'ar-QM', 'ar-SA', 'ar-SD', 'ar-SY', 'ar-TN', 'ar-YE', 'bg-BG', 'cs-CZ', 'da-DK', 'de-DE', 'en-AU', 'en-GB', 'en-HK', 'en-IN', 'en-NZ', 'en-US', 'en-ZA', 'en-ZM', 'es-ES', 'fr-FR', 'hu-HU', 'it-IT', 'ku-IQ', nb-NO', 'nl-NL', 'nn-NO', 'pl-PL', 'pt-BR', 'pt-PT', 'ru-RU', 'sl-SI', 'sr-RS', 'sr-RS@latin', 'sv-SE', 'tr-TR', 'uk-UA']`.<br/>**Note:** `decimal_digits` is given as a range like '1,3', a specific value like '3' or min like '1,'.
 **isDivisibleBy(str, number)**          | check if the string is a number that's divisible by another.
 **isEAN(str)**                          | check if the string is an EAN (European Article Number).
-**isEmail(str [, options])**            | check if the string is an email.<br/><br/>`options` is an object which defaults to `{ allow_display_name: false, require_display_name: false, allow_utf8_local_part: true, require_tld: true, allow_ip_domain: false, domain_specific_validation: false, blacklisted_chars: '' }`. If `allow_display_name` is set to true, the validator will also match `Display Name <email-address>`. If `require_display_name` is set to true, the validator will reject strings without the format `Display Name <email-address>`. If `allow_utf8_local_part` is set to false, the validator will not allow any non-English UTF8 character in email address' local part. If `require_tld` is set to false, e-mail addresses without having TLD in their domain will also be matched. If `ignore_max_length` is set to true, the validator will not check for the standard max length of an email. If `allow_ip_domain` is set to true, the validator will allow IP addresses in the host part. If `domain_specific_validation` is true, some additional validation will be enabled, e.g. disallowing certain syntactically valid email addresses that are rejected by GMail. If `blacklisted_chars` recieves a string,then the validator will reject emails that include any of the characters in the string, in the name part.
+**isEmail(str [, options])**            | check if the string is an email.<br/><br/>`options` is an object which defaults to `{ allow_display_name: false, require_display_name: false, allow_utf8_local_part: true, require_tld: true, allow_ip_domain: false, domain_specific_validation: false, denylisted_chars: '' }`. If `allow_display_name` is set to true, the validator will also match `Display Name <email-address>`. If `require_display_name` is set to true, the validator will reject strings without the format `Display Name <email-address>`. If `allow_utf8_local_part` is set to false, the validator will not allow any non-English UTF8 character in email address' local part. If `require_tld` is set to false, e-mail addresses without having TLD in their domain will also be matched. If `ignore_max_length` is set to true, the validator will not check for the standard max length of an email. If `allow_ip_domain` is set to true, the validator will allow IP addresses in the host part. If `domain_specific_validation` is true, some additional validation will be enabled, e.g. disallowing certain syntactically valid email addresses that are rejected by GMail. If `denylisted_chars` receives a string, then the validator will reject emails that include any of the characters in the string, in the name part.
 **isEmpty(str [, options])**            | check if the string has a length of zero.<br/><br/>`options` is an object which defaults to `{ ignore_whitespace:false }`.
 **isEthereumAddress(str)**              | check if the string is an [Ethereum](https://ethereum.org/) address using basic regex. Does not validate address checksums.
 **isFloat(str [, options])**            | check if the string is a float.<br/><br/>`options` is an object which can contain the keys `min`, `max`, `gt`, and/or `lt` to validate the float is within boundaries (e.g. `{ min: 7.22, max: 9.55 }`) it also has `locale` as an option.<br/><br/>`min` and `max` are equivalent to 'greater or equal' and 'less or equal', respectively while `gt` and `lt` are their strict counterparts.<br/><br/>`locale` determine the decimal separator and is one of `['ar', 'ar-AE', 'ar-BH', 'ar-DZ', 'ar-EG', 'ar-IQ', 'ar-JO', 'ar-KW', 'ar-LB', 'ar-LY', 'ar-MA', 'ar-QA', 'ar-QM', 'ar-SA', 'ar-SD', 'ar-SY', 'ar-TN', 'ar-YE', 'bg-BG', 'cs-CZ', 'da-DK', 'de-DE', 'en-AU', 'en-GB', 'en-HK', 'en-IN', 'en-NZ', 'en-US', 'en-ZA', 'en-ZM', 'es-ES', 'fr-FR', 'hu-HU', 'it-IT', 'nb-NO', 'nl-NL', 'nn-NO', 'pl-PL', 'pt-BR', 'pt-PT', 'ru-RU', 'sl-SI', 'sr-RS', 'sr-RS@latin', 'sv-SE', 'tr-TR', 'uk-UA']`. Locale list is `validator.isFloatLocales`.
@@ -152,10 +152,10 @@ Validator                               | Description
 **isUppercase(str)**                    | check if the string is uppercase.
 **isSlug**                              | Check if the string is of type slug. `Options` allow a single hyphen between string. e.g. [`cn-cn`, `cn-c-c`]
 **isTaxID(str, locale)**                | Check if the given value is a valid Tax Identification    Number. Default locale is `en-US`
-**isURL(str [, options])**              | check if the string is an URL.<br/><br/>`options` is an object which defaults to `{ protocols: ['http','https','ftp'], require_tld: true, require_protocol: false, require_host: true, require_valid_protocol: true, allow_underscores: false, host_whitelist: false, host_blacklist: false, allow_trailing_dot: false, allow_protocol_relative_urls: false, disallow_auth: false }`.<br/><br/>require_protocol - if set as true isURL will return false if protocol is not present in the URL.<br/>require_valid_protocol - isURL will check if the URL's protocol is present in the protocols option.<br/>protocols - valid protocols can be modified with this option.<br/>require_host - if set as false isURL will not check if host is present in the URL.<br/>require_port - if set as true isURL will check if port is present in the URL.<br/>allow_protocol_relative_urls - if set as true protocol relative URLs will be allowed.<br/>validate_length - if set as false isURL will skip string length validation (2083 characters is IE max URL length).
+**isURL(str [, options])**              | check if the string is an URL.<br/><br/>`options` is an object which defaults to `{ protocols: ['http','https','ftp'], require_tld: true, require_protocol: false, require_host: true, require_valid_protocol: true, allow_underscores: false, host_allowlist: false, host_denylist: false, allow_trailing_dot: false, allow_protocol_relative_urls: false, disallow_auth: false }`.<br/><br/>require_protocol - if set as true isURL will return false if protocol is not present in the URL.<br/>require_valid_protocol - isURL will check if the URL's protocol is present in the protocols option.<br/>protocols - valid protocols can be modified with this option.<br/>require_host - if set as false isURL will not check if host is present in the URL.<br/>require_port - if set as true isURL will check if port is present in the URL.<br/>allow_protocol_relative_urls - if set as true protocol relative URLs will be allowed.<br/>validate_length - if set as false isURL will skip string length validation (2083 characters is IE max URL length).
 **isUUID(str [, version])**             | check if the string is a UUID (version 3, 4 or 5).
 **isVariableWidth(str)**                | check if the string contains a mixture of full and half-width chars.
-**isWhitelisted(str, chars)**           | checks characters if they appear in the whitelist.
+**isAllowlisted(str, chars)**           | checks characters if they appear in the allowlist.
 **matches(str, pattern [, modifiers])** | check if string matches the pattern.<br/><br/>Either `matches('foo', /foo/i)` or `matches('foo', 'foo', 'i')`.
 
 ## Sanitizers
@@ -164,7 +164,7 @@ Here is a list of the sanitizers currently available.
 
 Sanitizer                              | Description
 -------------------------------------- | -------------------------------
-**blacklist(input, chars)**            | remove characters that appear in the blacklist. The characters are used in a RegExp and so you will need to escape some chars, e.g. `blacklist(input, '\\[\\]')`.
+**denylist(input, chars)**            | remove characters that appear in the denylist. The characters are used in a RegExp and so you will need to escape some chars, e.g. `denylist(input, '\\[\\]')`.
 **escape(input)**                      | replace `<`, `>`, `&`, `'`, `"` and `/` with HTML entities.
 **ltrim(input [, chars])**             | trim characters from the left-side of the input.
 **normalizeEmail(email [, options])**  | canonicalizes an email address. (This doesn't validate that the input is an email, if you want to validate the email use isEmail beforehand)<br/><br/>`options` is an object with the following keys and default values:<br/><ul><li>*all_lowercase: true* - Transforms the local part (before the @ symbol) of all email addresses to lowercase. Please note that this may violate RFC 5321, which gives providers the possibility to treat the local part of email addresses in a case sensitive way (although in practice most - yet not all - providers don't). The domain part of the email address is always lowercased, as it's case insensitive per RFC 1035.</li><li>*gmail_lowercase: true* - GMail addresses are known to be case-insensitive, so this switch allows lowercasing them even when *all_lowercase* is set to false. Please note that when *all_lowercase* is true, GMail addresses are lowercased regardless of the value of this setting.</li><li>*gmail_remove_dots: true*: Removes dots from the local part of the email address, as GMail ignores them (e.g. "john.doe" and "johndoe" are considered equal).</li><li>*gmail_remove_subaddress: true*: Normalizes addresses by removing "sub-addresses", which is the part following a "+" sign (e.g. "[email protected]" becomes "[email protected]").</li><li>*gmail_convert_googlemaildotcom: true*: Converts addresses with domain @googlemail.com to @gmail.com, as they're equivalent.</li><li>*outlookdotcom_lowercase: true* - Outlook.com addresses (including Windows Live and Hotmail) are known to be case-insensitive, so this switch allows lowercasing them even when *all_lowercase* is set to false. Please note that when *all_lowercase* is true, Outlook.com addresses are lowercased regardless of the value of this setting.</li><li>*outlookdotcom_remove_subaddress: true*: Normalizes addresses by removing "sub-addresses", which is the part following a "+" sign (e.g. "[email protected]" becomes "[email protected]").</li><li>*yahoo_lowercase: true* - Yahoo Mail addresses are known to be case-insensitive, so this switch allows lowercasing them even when *all_lowercase* is set to false. Please note that when *all_lowercase* is true, Yahoo Mail addresses are lowercased regardless of the value of this setting.</li><li>*yahoo_remove_subaddress: true*: Normalizes addresses by removing "sub-addresses", which is the part following a "-" sign (e.g. "[email protected]" becomes "[email protected]").</li><li>*icloud_lowercase: true* - iCloud addresses (including MobileMe) are known to be case-insensitive, so this switch allows lowercasing them even when *all_lowercase* is set to false. Please note that when *all_lowercase* is true, iCloud addresses are lowercased regardless of the value of this setting.</li><li>*icloud_remove_subaddress: true*: Normalizes addresses by removing "sub-addresses", which is the part following a "+" sign (e.g. "[email protected]" becomes "[email protected]").</li></ul>
@@ -174,9 +174,9 @@ Sanitizer                              | Description
 **toDate(input)**                      | convert the input string to a date, or `null` if the input is not a date.
 **toFloat(input)**                     | convert the input string to a float, or `NaN` if the input is not a float.
 **toInt(input [, radix])**             | convert the input string to an integer, or `NaN` if the input is not an integer.
-**trim(input [, chars])**              | trim characters (whitespace by default) from both sides of the input.
+**trim(input [, chars])**              | trim characters (allowspace by default) from both sides of the input.
 **unescape(input)**                    | replaces HTML encoded entities with `<`, `>`, `&`, `'`, `"` and `/`.
-**whitelist(input, chars)**            | remove characters that do not appear in the whitelist. The characters are used in a RegExp and so you will need to escape some chars, e.g. `whitelist(input, '\\[\\]')`.
+**allowlist(input, chars)**            | remove characters that do not appear in the allowlist. The characters are used in a RegExp and so you will need to escape some chars, e.g. `allowlist(input, '\\[\\]')`.
 
 ### XSS Sanitization
 

index.js

@@ -175,11 +175,11 @@ var _unescape = _interopRequireDefault(require("./lib/unescape"));
 
 var _stripLow = _interopRequireDefault(require("./lib/stripLow"));
 
-var _whitelist = _interopRequireDefault(require("./lib/whitelist"));
+var _allowlist = _interopRequireDefault(require("./lib/allowlist"));
 
-var _blacklist = _interopRequireDefault(require("./lib/blacklist"));
+var _denylist = _interopRequireDefault(require("./lib/denylist"));
 
-var _isWhitelisted = _interopRequireDefault(require("./lib/isWhitelisted"));
+var _isAllowlisted = _interopRequireDefault(require("./lib/isAllowlisted"));
 
 var _normalizeEmail = _interopRequireDefault(require("./lib/normalizeEmail"));
 
@@ -281,9 +281,30 @@ var validator = {
   escape: _escape.default,
   unescape: _unescape.default,
   stripLow: _stripLow.default,
-  whitelist: _whitelist.default,
-  blacklist: _blacklist.default,
-  isWhitelisted: _isWhitelisted.default,
+  // TODO: - Remove whitelist in next major release
+
+  /**
+   * @deprecated Since version 13.1.18.
+   * Will be removed in a future version. Use allowlist instead.
+   */
+  whitelist: _allowlist.default,
+  allowlist: _allowlist.default,
+  // TODO: - Remove blacklist in next major release
+
+  /**
+   * @deprecated Since version 13.1.18.
+   * Will be removed in a future version. Use denylist instead.
+   */
+  blacklist: _denylist.default,
+  denylist: _denylist.default,
+  // TODO: - Remove isWhitelisted in next major release
+
+  /**
+   * @deprecated Since version 13.1.18.
+   * Will be removed in a future version. Use isAllowlisted instead.
+   */
+  isWhitelisted: _isAllowlisted.default,
+  isAllowlisted: _isAllowlisted.default,
   normalizeEmail: _normalizeEmail.default,
   toString: toString,
   isSlug: _isSlug.default,

src/index.js

@@ -108,9 +108,9 @@ import trim from './lib/trim';
 import escape from './lib/escape';
 import unescape from './lib/unescape';
 import stripLow from './lib/stripLow';
-import whitelist from './lib/whitelist';
-import blacklist from './lib/blacklist';
-import isWhitelisted from './lib/isWhitelisted';
+import allowlist from './lib/allowlist';
+import denylist from './lib/denylist';
+import isAllowlisted from './lib/isAllowlisted';
 
 import normalizeEmail from './lib/normalizeEmail';
 
@@ -207,9 +207,27 @@ const validator = {
   escape,
   unescape,
   stripLow,
-  whitelist,
-  blacklist,
-  isWhitelisted,
+  // TODO: - Remove whitelist in next major release
+  /**
+   * @deprecated Since version 13.1.18.
+   * Will be removed in a future version. Use allowlist instead.
+   */
+  whitelist: allowlist,
+  allowlist,
+  // TODO: - Remove blacklist in next major release
+  /**
+   * @deprecated Since version 13.1.18.
+   * Will be removed in a future version. Use denylist instead.
+   */
+  blacklist: denylist,
+  denylist,
+  // TODO: - Remove isWhitelisted in next major release
+  /**
+   * @deprecated Since version 13.1.18.
+   * Will be removed in a future version. Use isAllowlisted instead.
+   */
+  isWhitelisted: isAllowlisted,
+  isAllowlisted,
   normalizeEmail,
   toString,
   isSlug,

src/lib/whitelist.js → src/lib/allowlist.js

@@ -1,6 +1,6 @@
 import assertString from './util/assertString';
 
-export default function whitelist(str, chars) {
+export default function allowlist(str, chars) {
   assertString(str);
   return str.replace(new RegExp(`[^${chars}]+`, 'g'), '');
 }

src/lib/blacklist.js → src/lib/denylist.js

@@ -1,6 +1,6 @@
 import assertString from './util/assertString';
 
-export default function blacklist(str, chars) {
+export default function denylist(str, chars) {
   assertString(str);
   return str.replace(new RegExp(`[${chars}]+`, 'g'), '');
 }

src/lib/isWhitelisted.js → src/lib/isAllowlisted.js

@@ -1,6 +1,6 @@
 import assertString from './util/assertString';
 
-export default function isWhitelisted(str, chars) {
+export default function isAllowlisted(str, chars) {
   assertString(str);
   for (let i = str.length - 1; i >= 0; i--) {
     if (chars.indexOf(str[i]) === -1) {

src/lib/isDecimal.js

@@ -14,13 +14,13 @@ const default_decimal_options = {
   locale: 'en-US',
 };
 
-const blacklist = ['', '-', '+'];
+const denylist = ['', '-', '+'];
 
 export default function isDecimal(str, options) {
   assertString(str);
   options = merge(options, default_decimal_options);
   if (options.locale in decimal) {
-    return !includes(blacklist, str.replace(/ /g, '')) && decimalRegExp(options).test(str);
+    return !includes(denylist, str.replace(/ /g, '')) && decimalRegExp(options).test(str);
   }
   throw new Error(`Invalid locale '${options.locale}'`);
 }

src/lib/isEmail.js

@@ -10,7 +10,9 @@ const default_email_options = {
   require_display_name: false,
   allow_utf8_local_part: true,
   require_tld: true,
+  // TODO: - Remove blacklisted_chars in next major release
   blacklisted_chars: '',
+  denylisted_chars: '',
   ignore_max_length: false,
 };
 
@@ -161,8 +163,12 @@ export default function isEmail(str, options) {
       return false;
     }
   }
-  if (options.blacklisted_chars) {
-    if (user.search(new RegExp(`[${options.blacklisted_chars}]+`, 'g')) !== -1) return false;
+  // TODO: - Remove blacklisted_chars support in next major release
+  if (options.denylisted_chars || options.blacklisted_chars) {
+    const denylisted_chars = options.denylisted_chars ?
+      options.denylisted_chars :
+      options.blacklisted_chars;
+    if (user.search(new RegExp(`[${denylisted_chars}]+`, 'g')) !== -1) return false;
   }
 
   return true;

src/lib/isURL.js

@@ -138,10 +138,14 @@ export default function isURL(url, options) {
 
   host = host || ipv6;
 
-  if (options.host_whitelist && !checkHost(host, options.host_whitelist)) {
+  // TODO: - Remove whitelist in next major release
+  const allowlist = options.host_allowlist || options.host_whitelist;
+  if (allowlist && !checkHost(host, allowlist)) {
     return false;
   }
-  if (options.host_blacklist && checkHost(host, options.host_blacklist)) {
+  // TODO: - Remove blacklist in next major release
+  const denylist = options.host_denylist || options.host_blacklist;
+  if (denylist && checkHost(host, denylist)) {
     return false;
   }
 

src/lib/stripLow.js

@@ -1,9 +1,9 @@
 import assertString from './util/assertString';
 
-import blacklist from './blacklist';
+import denylist from './denylist';
 
 export default function stripLow(str, keep_new_lines) {
   assertString(str);
   const chars = keep_new_lines ? '\\x00-\\x09\\x0B\\x0C\\x0E-\\x1F\\x7F' : '\\x00-\\x1F\\x7F';
-  return blacklist(str, chars);
+  return denylist(str, chars);
 }

test/sanitizers.js

@@ -220,9 +220,9 @@ describe('Sanitizers', () => {
     });
   });
 
-  it('should sanitize a string based on a whitelist', () => {
+  it('should sanitize a string based on a allowlist', () => {
     test({
-      sanitizer: 'whitelist',
+      sanitizer: 'allowlist',
       args: ['abc'],
       expect: {
         abcdef: 'abc',
@@ -233,9 +233,9 @@ describe('Sanitizers', () => {
     });
   });
 
-  it('should sanitize a string based on a blacklist', () => {
+  it('should sanitize a string based on a denylist', () => {
     test({
-      sanitizer: 'blacklist',
+      sanitizer: 'denylist',
       args: ['abc'],
       expect: {
         abcdef: 'def',