xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special HTML entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)).

Figure 1. "Just sufficient" encoding based on the HTML5 spec.

string.js - Extra JavaScript string methods.

  •    Javascript

string.js, or simply S, is a lightweight (< 5 kb minified and gzipped) JavaScript library for the browser or for Node.js that provides extra String methods. Originally, it modified the String prototype. But I quickly learned that in JavaScript, this is considered poor practice. Personally, I prefer the cleanliness of the way code looks when it appears to be native methods, i.e. when you modify native JavaScript prototypes. However, if any app dependency required string.js, then the app's String prototype would be modified in every module. This could be troublesome. So I settled on creating a wrapper à la jQuery style. For those of you prototype hatin' fools, there is the method extendPrototype().

termbox - Library for writing text-based user interfaces

  •    C

Termbox is a library that provides a minimalistic API which allows the programmer to write text-based user interfaces. It is based on a very simple abstraction. The main idea is viewing terminals as a table of fixed-size cells and input as a stream of structured messages. It would be fair to say that the model is inspired by the Windows console API. The abstraction itself is not perfect and it may create problems in certain areas. The most sensitive ones are copy & pasting and wide characters (mostly Chinese, Japanese, Korean (CJK) characters). When it comes to copy & pasting, the notion of cells is not really compatible with the idea of text. And CJK runes often require more than one cell to display them nicely. Despite the mentioned flaws, using such a simple model brings benefits in the form of simplicity. And the KISS principle is important.




vmware_escape - VMware Escape Exploit before VMware WorkStation 12.5.5

  •    C

VMware Escape Exploit before VMware WorkStation 12.5.5

voca - The ultimate JavaScript string library

  •    Javascript

The Voca library offers helpful functions to make string manipulations comfortable: change case, trim, pad, slugify, latinise, sprintf'y, truncate, escape and much more. The modular design allows loading the entire library, or individual functions to minimize the application builds. The library is fully tested, well documented and long-term supported. Voca can be used in various environments.

node-charm - ansi control sequences for terminal cursor hopping and colors

  •    Javascript

Use ANSI terminal control sequences to write colors and cursor positions. Charm objects pass along the data events from their input stream except for events generated from querying the terminal device.


jsesc - Given some data, jsesc returns the shortest possible stringified & ASCII-safe representation of that data

  •    Javascript

For any input, jsesc generates the shortest possible valid printable-ASCII-only output. jsesc's output can be used instead of JSON.stringify's to avoid mojibake and other encoding issues, or even to avoid errors when passing JSON-formatted data (which may contain U+2028 LINE SEPARATOR, U+2029 PARAGRAPH SEPARATOR, or lone surrogates) to a JavaScript parser or a UTF-8 encoder.

secure-handlebars - Handlebars Context Pre-compiler

  •    Javascript

Check out the latest slide deck, presented at OWASP AppSec USA 2015. Imagine a template is written like so: <a href="{{url}}">{{url}}</a>. When it is compiled with untrusted user data like {"url": "javascript:alert(666)"}, secure-handlebars automatically applies contextual escaping and generates the HTML <a href="x-javascript:alert(666)">javascript:alert(666)</a> as a result.

node-term-css - style terminal output using CSS

  •    Javascript

Terminal CSS styling using node-css. term-css substitutes tokens with properties in the object passed; for example, {name} will access { name: "tobi" }, whereas {labels.visits} will access { labels: { visits: 'Visits' } }.

sqlstring - Simple SQL escape and format for MySQL

  •    Javascript

Caution: These methods of escaping values only work when the NO_BACKSLASH_ESCAPES SQL mode is disabled (which is the default state for MySQL servers). This looks similar to prepared statements in MySQL; however, it really just uses the same SqlString.escape() method internally.
