sanitizer-lib · v1.1.0

Declarative input sanitization for Java.

A small library for Spring Boot and JPA. Annotate a field with @Sanitize and the framework trims, masks, normalizes, or escapes it before your code ever sees it.

Java 21 · Spring Boot 3.4+ · 17 built-in sanitizers · MIT licensed

install

Available on Maven Central. Pull in the integration you need.

build.gradle.kts

// Spring Boot
implementation("io.github.rabinarayanpatra.sanitizer:sanitizer-spring:1.1.0")

// JPA (optional)
implementation("io.github.rabinarayanpatra.sanitizer:sanitizer-jpa:1.1.0")

pom.xml

<dependency>
  <groupId>io.github.rabinarayanpatra.sanitizer</groupId>
  <artifactId>sanitizer-spring</artifactId>
  <version>1.1.0</version>
</dependency>

usage

Annotate any field. Chain multiple sanitizers; they run in the order listed, each receiving the previous one's output.

// DTO — sanitized on Jackson deserialization
public class UserDto {

  // runs TrimSanitizer first, then LowerCaseSanitizer on its result
  @Sanitize(using = { TrimSanitizer.class, LowerCaseSanitizer.class })
  private String email;

  @Sanitize(using = CreditCardMaskSanitizer.class)
  private String cardNumber;
}

// JPA entity — sanitized on @PrePersist / @PreUpdate
@Entity
@EntityListeners(SanitizationEntityListener.class)
public class Payment {

  @Id @GeneratedValue
  private Long id;

  @Sanitize(using = CreditCardMaskSanitizer.class)
  private String cardNumber;
}

No registry calls. No interceptor wiring. Spring Boot autoconfiguration registers the Jackson module and the sanitizer registry on startup. Note the two hook points: the DTO path runs while Jackson deserializes the object (JSON request bodies), and the entity path runs only when JPA persists or updates the row.

why

built-in sanitizers

TrimSanitizer: strip leading and trailing whitespace
CollapseWhitespace: collapse internal whitespace to a single space
LowerCaseSanitizer: normalize to lowercase
UpperCaseSanitizer: normalize to uppercase
TitleCaseSanitizer: capitalize the first letter of each word
NullIfBlank: return null if the string is blank
RemoveNonPrintable: filter non-printable control characters
HtmlEscapeSanitizer: escape HTML special characters (protects against XSS only when the value is rendered in an HTML element or attribute context; it is not a substitute for context-specific output encoding in JavaScript or URL contexts)
SlugifySanitizer: convert to a URL-friendly slug
SafeFilename: replace filesystem-reserved characters
EmailAliasStrip: remove the +alias part and lowercase
PhoneE164Sanitizer: normalize phone numbers to E.164
UuidNormalize: lowercase and validate UUIDs
CreditCardMask: mask all but the last four digits
SSNMaskSanitizer: mask a US SSN, revealing the last four digits
IBANMaskSanitizer: mask an IBAN, revealing the last four characters
TruncateSanitizer: configurable truncation with an optional suffix

extending

Implement FieldSanitizer<T> for your own logic.

@Component
public class NumericOnlySanitizer implements FieldSanitizer<String> {
  @Override
  public String sanitize(String input) {
    // null passes through untouched; every other value keeps only ASCII digits
    return input == null ? null : input.replaceAll("[^0-9]", "");
  }
}

Or extend ConfigurableFieldSanitizer if you need parameters.
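As an added example (not part of the library or this page), the following custom sanitizer addresses a gap a practitioner will hit with control-character filters: Unicode format characters such as zero-width space (U+200B) and the right-to-left override (U+202E) are category Cf, not Cc, so a filter that drops only control characters leaves them in place, and fullwidth or compatibility forms survive lowercasing. The sanitizer applies NFKC normalization and strips Cf code points. The `FieldSanitizer<T>` interface declared at the top is a local stand-in with the same shape as the one this page describes (one `sanitize(T)` method) so the file compiles without the dependency; in a real project import the library's interface and register the class with `@Component` as in the example above. The `runChain` helper and the sample inputs are constructed for illustration and also show why chain order matters.

```java
import java.text.Normalizer;
import java.util.List;
import java.util.Locale;

// Stand-in for the library's FieldSanitizer<T> contract (assumed shape: one
// sanitize(T) method, matching the usage on this page). Replace with the
// library's own interface when using sanitizer-lib.
interface FieldSanitizer<T> {
    T sanitize(T input);
}

// Custom sanitizer: NFKC-normalize, then drop Unicode format characters
// (category Cf: zero-width space, zero-width joiner, bidi overrides, ...).
// A Cc-only filter would keep these, so "admin" and "ad\u200Bmin" would be
// stored as two distinct usernames that render identically.
public class UnicodeCleanSanitizer implements FieldSanitizer<String> {

    @Override
    public String sanitize(String input) {
        if (input == null) {
            return null;                       // nulls pass through untouched
        }
        // NFKC folds compatibility forms: fullwidth letters -> ASCII,
        // no-break space (U+00A0) -> ordinary space, ligatures expanded.
        String normalized = Normalizer.normalize(input, Normalizer.Form.NFKC);
        StringBuilder out = new StringBuilder(normalized.length());
        normalized.codePoints()
                  .filter(cp -> Character.getType(cp) != Character.FORMAT)
                  .forEach(out::appendCodePoint);
        return out.toString();
    }

    // Minimal in-order chain runner mirroring "they run in order"; the library
    // does this for you through @Sanitize(using = { ... }).
    static String runChain(String value, List<FieldSanitizer<String>> chain) {
        for (FieldSanitizer<String> s : chain) {
            value = s.sanitize(value);
        }
        return value;
    }

    public static void main(String[] args) {
        FieldSanitizer<String> trim  = s -> s == null ? null : s.strip();
        FieldSanitizer<String> lower = s -> s == null ? null : s.toLowerCase(Locale.ROOT);
        FieldSanitizer<String> clean = new UnicodeCleanSanitizer();

        // Constructed input: leading spaces, fullwidth "Admin", a zero-width
        // space, a bidi override, and a trailing no-break space.
        String spoofed = "  \uFF21\uFF44\uFF4D\uFF49\uFF4E\u200B@Example.com\u202E\u00A0";

        // Normalize before trimming: NFKC turns U+00A0 into a plain space,
        // which strip() then removes -> "admin@example.com"
        String good = runChain(spoofed, List.of(clean, trim, lower));

        // Trim before normalizing: strip() does not treat U+00A0 as whitespace,
        // so the space produced later by NFKC survives -> "admin@example.com "
        String bad = runChain(spoofed, List.of(trim, lower, clean));

        System.out.println("[" + good + "] length=" + good.length());
        System.out.println("[" + bad + "] length=" + bad.length());
    }
}
```

Running `main` prints the first value as a clean 17-character address and the second with a trailing space, which is the kind of difference that breaks uniqueness checks and lookups; put normalization first in a chain and let trimming and case folding run on its output.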

documentation