Introducing GoISL: A Go package for input sanitization

Hi all —

I just released GoISL, a lightweight and hookable Go package designed to simplify input sanitization and output escaping. Empasizing simplicity and extensibility, it is just under a year in the design and making.

:magnifying_glass_tilted_left: Inspired by work done in the WordPress community, GoISL encourages a “sanitize on input, escape on output” approach, providing built-in helpers for:

  • :white_check_mark: Email validation and cleanup
  • :file_folder: File name sanitization
  • :globe_with_meridians: URL normalization and escaping
  • :locked_with_key: Safe HTML stripping
  • :memo: Plaintext cleanup
  • :puzzle_piece: pflag CLI flag binding with automatic sanitization

But here’s the catch: a package can’t solve everything — and GoISL is no exception. That’s why it was built from the ground up with custom hooks in mind. Whether you’re filtering out disposable email domains, rejecting shortened URLs, masking patterns, or enforcing format-specific rules, GoISL lets you incorporate your own logic.

This release includes 16+ example hooks (Twitter handles, crypto, UUIDs, profanity filters, etc.), and future releases will continue to expand the library with community-inspired examples. The goal is to help developers solve their unique challenges quickly — with secure, testable, drop-in code.

:test_tube: Current coverage: 90.4%+, with multi-platform testing across Linux, macOS, and ARM.

:backhand_index_pointing_right: GitHub: https://github.com/derickschaefer/goisl

:package: pkg.go.dev: https://pkg.go.dev/github.com/derickschaefer/goisl

Would love feedback, contributions, or your own real-world hook examples!