xss-filters - Secure XSS Filters

  •    Javascript

In this example, the traditional wisdom of blindly escaping some special HTML entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)). Figure 1. "Just sufficient" encoding based on the HTML5 spec.

validator.js - String validation

  •    Javascript

A library of string validators and sanitizers. This library validates and sanitizes strings only.

express-validator - An express.js middleware for node-validator.

  •    Javascript

An express.js middleware for validator. Also please note that, starting with v5.0.0, no new features will be accepted into the legacy API. Only bug fixes will be made.




DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG

  •    Javascript

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else using Blink or WebKit). DOMPurify is written by security people who have vast background in web attacks and XSS. Fear not.

schema-inspector - Schema-Inspector is a JSON API sanitisation and validation module.

  •    Javascript

Schema-Inspector is a powerful tool to sanitize and validate JS objects. It's designed to work both client-side and server-side, and to scale by allowing both asynchronous and synchronous calls. (Or download async.js and schema-inspector.js manually).


sanitize-caja - sanitize html

  •    Javascript

Sanitize HTML content using the Google Caja JsHtmlSanitizer and a set of basic assumptions, and a wrapper to make it all work in nodejs without global variable leaks and so on. This is a slightly 'loosened' version of Caja's restrictions, to allow for things like images, links, and a few HTML5 elements.

paramd - JSON filtering for Node

  •    Javascript

You may either use a whitelisting mode (specifying attributes allowed), or a blacklisting mode (specifying attributes that aren't allowed). If you use both, an error will be thrown. All configuration methods are chainable, and can take either a string or an array of properties.

filenamify - Convert a string to a valid safe filename

  •    Javascript

On Unix-like systems / is reserved and <>:"/\|?* on Windows. Accepts a filename and returns a valid filename.

strip-html - strip html streamingly

  •    Javascript

Return a transform stream that takes HTML text as input and outputs plain text as output. Note that the output side might contain HTML entities because this module does not decode entities itself.

xss.js - Simple whitelist-based html sanitizer

  •    Javascript

Simple whitelist-based html sanitizer for node and browser.

parse-domain - Splits a URL into sub-domain, domain and the top-level domain.

  •    Javascript

Splits a URL into sub-domain, domain and the top-level domain. Since domains are handled differently across different countries and organizations, splitting a URL into sub-domain, domain and top-level-domain parts is not a simple regexp. parse-domain uses a large list of known top-level domains from publicsuffix.org to recognize different parts of the domain.

node-resanitize - Regular expression-based HTML sanitizer and ad remover, geared toward RSS feed descriptions

  •    Javascript

This node.js module provides functions for removing unsafe parts and ads from HTML. I am using it for the <description> element of RSS feeds. This module's opinion of "sanitized" might not meet your security requirements. The mere fact that it uses regular expressions should make this disclaimer unnecessary, but just to be clear: if you intend to display arbitrary user input that includes HTML, you're going to want something more robust.

js-validator-livr - Lightweight javascript validator supporting Language Independent Validation Rules Specification (LIVR)

  •    Javascript

LIVR.Validator - Lightweight JavaScript validator supporting Language Independent Validation Rules Specification (LIVR). See LIVR Specification for detailed documentation and list of supported rules.

ember-purify - Purify your html content before marking it safe

  •    Javascript

When you need to render user provided HTML content but don't want to trust the user content with Ember's Ember.String.htmlSafe or {{{ }}}. Uses DOMPurify to sanitize HTML & SVG. I strongly recommend you watch the video linked under the inspiration section. See XSS in action in Ember in this twiddle. You can also run ember serve to see the above mentioned approaches along with the purify-dom helper. Inspect the DOM on all three broken images to see the difference.