As part of this book’s journey, a real package was open sourced and submitted to the Go Package Repository to both fill a need in the ecosystem and demonstrate a command-line interface best practice: input sanitization and output escaping.
The Go Input Sanitization Library is a lightweight, secure, and developer-friendly Go package designed to simplify input sanitization and safe output escaping. It supports three core use cases:
- Built-in Sanitization & Escaping: Quickly sanitize and escape common input types including email addresses, file names, URLs, and HTML for safe use in CLI tools, APIs, or web templates.
- Custom Format Overrides: Use hookable functions or wrappers to validate and clean highly specific input formats such as crypto addresses, UUIDs, IP ranges, Twitter handles, and vendor-specific API keys.
- CLI Integration with `pflag`: Seamlessly bind sanitized values to command-line flags using `BindSanitizedFlag` and `BindSanitizedTextFlag`, with panic-safe variants for required inputs.
Inspired by WordPress’s input-handling philosophy, `goisl` encourages a “sanitize on input, escape on output” model with modular, testable, and override-ready functions.
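The following added example sketches the “sanitize on input, escape on output” model with a flag-bound value and an override hook. It is not code from the library and does not use its API: the standard library's `flag` package stands in for `pflag`, and `Hook`, `emailValue`, `ParseEmail`, `Render` and `AllowExample` are hypothetical names.

```go
package main

import (
	"flag"
	"fmt"
	"html"
	"net/mail"
	"strings"
)

type Hook func(string) (string, error) // hypothetical override point, run after cleanup

// emailValue implements flag.Value, so cleaning happens while flags are parsed.
type emailValue struct{ dst *string; hook Hook }

func (v emailValue) String() string { return "" }
func (v emailValue) Set(raw string) error {
	addr, err := mail.ParseAddress(strings.TrimSpace(raw))
	if err != nil {
		return err
	}
	*v.dst, err = v.hook(strings.ToLower(addr.Address))
	return err
}

// ParseEmail returns the sanitized -email value (stdlib flag stands in for pflag).
func ParseEmail(args []string, hook Hook) (string, error) {
	var email string
	fs := flag.NewFlagSet("demo", flag.ContinueOnError)
	fs.Var(emailValue{&email, hook}, "email", "contact address")
	err := fs.Parse(args)
	return email, err
}

// Render escapes on output, at the point the value enters an HTML context.
func Render(email string) string { return "<p>" + html.EscapeString(email) + "</p>" }

// AllowExample is a sample hook: accept only addresses at example.com.
func AllowExample(s string) (string, error) {
	if !strings.HasSuffix(s, "@example.com") {
		return "", fmt.Errorf("domain not allowed: %q", s)
	}
	return s, nil
}

func main() {
	// Constructed input: a valid address that still carries HTML-significant characters.
	email, err := ParseEmail([]string{"-email", " O'Brien&Co@Example.COM "}, AllowExample)
	fmt.Println(email, err, Render(email))
}
```

The sample address passes sanitization yet still contains `'` and `&`, which is why the escaping step at output remains necessary.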