Hi all —
I just released GoISL, a lightweight and hookable Go package designed to simplify input sanitization and output escaping. Empasizing simplicity and extensibility, it is just under a year in the design and making.
Inspired by work done in the WordPress community, GoISL encourages a “sanitize on input, escape on output” approach, providing built-in helpers for:
Email validation and cleanup
File name sanitization
URL normalization and escaping
Safe HTML stripping
Plaintext cleanup
pflag CLI flag binding with automatic sanitization
But here’s the catch: a package can’t solve everything — and GoISL is no exception. That’s why it was built from the ground up with custom hooks in mind. Whether you’re filtering out disposable email domains, rejecting shortened URLs, masking patterns, or enforcing format-specific rules, GoISL lets you incorporate your own logic.
This release includes 16+ example hooks (Twitter handles, crypto, UUIDs, profanity filters, etc.), and future releases will continue to expand the library with community-inspired examples. The goal is to help developers solve their unique challenges quickly — with secure, testable, drop-in code.
Current coverage: 90.4%+, with multi-platform testing across Linux, macOS, and ARM.
GitHub: https://github.com/derickschaefer/goisl
pkg.go.dev: https://pkg.go.dev/github.com/derickschaefer/goisl
Would love feedback, contributions, or your own real-world hook examples!