ngx_http_html_sanitize_module - It's a nginx http module to sanitize HTML5 with whitelisted elements, whitelisted attributes and whitelisted CSS property

  •        9

ngx_http_html_sanitize_module - It's base on google's gumbo-parser as HTML5 parser and hackers-painters's katana-parser as inline CSS parser to sanitize HTML with whitelisted elements, whitelisted attributes and whitelisted CSS property.

https://github.com/youzan/ngx_http_html_sanitize_module

Tags
Implementation
License
Platform

   




Related Projects

Bluemonday - A fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

  •    Go

bluemonday is a HTML sanitizer implemented in Go. It is fast and highly configurable.bluemonday takes untrusted user generated content as an input, and will return HTML that has been sanitised against a whitelist of approved HTML elements and attributes so that you can safely include the content in your web page.

DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

  •    Javascript

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.

HtmlSanitizer - Cleans HTML to avoid XSS attacks

  •    CSharp

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents from constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser it can also shield you from deliberate or accidental "tag poisoning" where invalid HTML in one fragment can corrupt the whole document leading to broken layout or style.

HTML Purifier - Standards compliant HTML filter written in PHP

  •    PHP

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and agressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.


Sanitize.js - Sanitize.js is a whitelist-based HTML sanitizer.

  •    Javascript

Sanitize.js is a whitelist-based HTML sanitizer. Given a list of acceptable elements and attributes, Sanitize.js will remove all unacceptable HTML from a DOM node. Using a simple configuration syntax, you can tell Sanitize to allow certain elements, certain attributes within those elements, and even certain URL protocols within attributes that contain URLs. Any HTML elements or attributes that you don't explicitly allow will be removed.

sanitize - Whitelist-based Ruby HTML sanitizer.

  •    Ruby

Whitelist-based Ruby HTML sanitizer.

sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis

  •    Javascript

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis

xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).Figure 1. "Just sufficient" encoding based on the HTML5 spec.

xss-filters - Secure XSS Filters.

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)). Figure 1. "Just sufficient" encoding based on the HTML5 spec.

xss-payload-list - 🎯 Cross Site Scripting ( XSS ) Vulnerability Payload List

  •    HTML

Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it. An attacker can use XSS to send a malicious script to an unsuspecting user. The end user’s browser has no way to know that the script should not be trusted, and will execute the script. Because it thinks the script came from a trusted source, the malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site. These scripts can even rewrite the content of the HTML page. For more details on the different types of XSS flaws, see: Types of Cross-Site Scripting.

Caja-HTML-Sanitizer - Bundles Google Caja's HTML Sanitizer within a npm installable node.js module

  •    Javascript

I don't have time to maintain this repo, and have long forgotten how any of it works. If anyone would like to take on ownership, please let me know.

(X)HTML Markup Sanitizer

  •    CSharp

The XHTML Markup Sanitizer takes untrusted (X)HTML and massages it into real, trusted XHTML. It's particularly useful with content management systems where users are in control of markup, but you want to target XHTML1.1.

ngx-schema-form - HTML form generation based on JSON Schema

  •    TypeScript

Ngx Schema Form is an Angular 2+ module allowing you to instanciate an HTML form from a JSON schema. Note: Version 1.x is compliant with Angular <=4, version 2.x is compliant with Angular >=6.

NAXSI - High performance, low rules maintenance WAF for NGINX

  •    C

NAXSI means Nginx Anti XSS & SQL Injection. NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset of simple (and readable) rules containing 99% of known patterns involved in website vulnerabilities. For example, <, | or drop are not supposed to be part of a URI.

ngx-fancyindex - Fancy indexes module for the Nginx web server

  •    C

This module is designed to work with Nginx, a high performance open source web server written by Igor Sysoev. For users of the official stable Nginx repository, extra packages repository with dynamic modules is available and fancyindex is included.

ngx-formly - JavaScript powered FORMS for Angular 2.x and above

  •    TypeScript

@ngx-formly is an Angular module which has a Components to help customize and render JavaScript/JSON configured forms. The formly-form Component and the FormlyConfig service are very powerful and bring unmatched maintainability to your application's forms.Follow these steps to get started with ng-formly. Also check out our demos for further examples.

awesome-nginx - A curated list of awesome Nginx distributions, third modules, active developers, etc

  •    C

A curated list of awesome nginx distributions、third modules、active developers and so forth. If you want to contribute, please submit a pull request.

ezXSS - ezXSS is an easy way to test (blind) XSS

  •    HTML

ezXSS is an easy way to test (blind) Cross Site Scripting. I'm currently busy with building ezXSS 3. The whole application will be re-coded.