Displaying 1 to 17 from 17 results

xss-filters - Secure XSS Filters


In this example, the traditional wisdom of blindly escaping some special html entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).Figure 1. "Just sufficient" encoding based on the HTML5 spec.

query-string - Parse and stringify URL query strings


🔥 Want to strengthen your core JavaScript skills and master ES6? I would personally recommend this awesome ES6 course by Wes Bos. You might also like his React course.Parse a query string into an object. Leading ? or # are ignored, so you can pass location.search or location.hash directly.




base-x - Encode/decode any base


Fast base encoding / decoding of any given alphabet using bitcoin style leading zero compression.See below for a list of commonly recognized alphabets, and their respective base.



bs58 - Base58 encoding/decoding for Bitcoin


JavaScript component to compute base 58 encoding. This encoding is typically used for crypto currencies such as Bitcoin.Note: If you're looking for base 58 check encoding, see: https://github.com/bitcoinjs/bs58check, which depends upon this library.

qr-encode - JavaScript component to encode strings into QR codes.


JavaScript component to encode strings into QR codes. Works in both Node.js and the browser.

secure-handlebars - Handlebars Context Pre-compiler


Check out the latest slide deck, presented in the OWASP AppSec USA 2015.Imagine a template is written like so: <a href="{{url}}">{{url}}</a>. When it is compiled with an untrusted user data like {"url": "javascript:alert(666)"}, secure-handlebars automatically applies contextual escaping and generates the HTML <a href="x-javascript:alert(666)">javascript:alert(666)</a> as a result.

subsume - Embed data in other data and easily extract it when needed


Can for example be useful when you run a child process that has multiple entities writing to stdout and you want to handle those outputs differently. I personally use it in run-jxa to allow the code run in that context to use console.log, but also allow me to send the result of the execution back through console.log.Returns a new subsume instance.

bitcoin-protocol - :symbols: Bitcoin network protocol streams


This module encodes and decodes low-level network protocol data using streams.You may want a higher-level module like bitcoin-net, which some things for you such as connection handshakes, sending keepalive pings, etc.