In this example, the traditional wisdom of blindly escaping some special HTML entity characters (& < > ' " `) would not stop XSS (e.g., when url is equal to javascript:alert(1) or onclick=alert(1)). Figure 1. "Just sufficient" encoding based on the HTML5 spec.
Tags: xss output-filter sanitize sanitise escape encode filter context-aware context-sensitive security yahoo

An express.js middleware for validator. Also please note that, starting with v5.0.0, no new features will be accepted into the legacy API. Only bug fixes will be made.
Tags: express validator validation validate sanitize sanitization xss

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Hacker101 is structured as a set of video lessons (some covering multiple topics, some covering a single one) and can be consumed in two different ways. You can either watch them in the order produced as in a normal class (§ Sessions), or you can watch individual videos (§ Vulnerabilities). If you're new to security, we recommend the former; this provides a guided path through the content and covers more than just individual bugs.
Tags: education hacking security hackerone hacker101 xss clickjacking csrf web-security session-fixation unchecked-redirects sql-injection

Arachni is a feature-full, modular, high-performance Ruby framework aimed at helping penetration testers and administrators evaluate the security of web applications. It is smart: it trains itself by monitoring and learning from the web application's behavior during the scan process, and is able to perform meta-analysis using a number of factors in order to correctly assess the trustworthiness of results and intelligently identify (or avoid) false positives.
Tags: arachni dom audit detection security-audit analysis modular scanners web-application vulnerability-detection crawler scanner hack hacking penetration-testing xss sql-injection

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist.
Tags: sanitization xss sanitize sanitisation input security escape encode filter validator html injection whitelist

XSStrike is an advanced XSS detection suite. It has a powerful fuzzing engine and provides zero-false-positive results using fuzzy matching. XSStrike is the first XSS scanner to generate its own payloads. It is intelligent enough to detect and break out of various contexts. Note: XSStrike isn't compatible with Python 2 anymore; please use python3 xsstrike to run it. Changelog contains the changes made to XSStrike after the XSStrike v2.0 pre-beta release.
Tags: xss xss-scanner xss-exploit xss-bruteforce xss-python xss-detection xss-payloads

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify sanitizes HTML and prevents XSS attacks. You can feed DOMPurify with a string full of dirty HTML and it will return a string (unless configured otherwise) with clean HTML. DOMPurify will strip out everything that contains dangerous HTML and thereby prevent XSS attacks and other nastiness.
Tags: xss sanitizer dom security dompurify prevent-xss-attacks mathml html svg cross-site-scripting secure sanitize filter purify html-sanitizer

Small tool to package JavaScript into a valid image file. Currently supported are gif and bmp. Run imagejs option jsfile.js. The resulting image file will be named like the input file plus the image extension. Options are currently bmp, gif, webp, pnm and pgf.
Tags: injection xss

Run ./get.sh to download external payloads and unzip any payload files that are compressed. Requests extracted from either packet captures or log files of capture the flag (CTF) events. Mostly raw data, so not all requests are actual payloads; however, requests should be deduplicated.
Tags: payload payloads xss sqli web-attack-payloads passwords

XSS'OR - Hack with JavaScript. It contains three major modules: Encode/Decode, Codz, Probe.
Tags: probe pentest-tool xss csrf encoding hacking-tool pentest hack

bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as input and returns HTML that has been sanitised against a whitelist of approved HTML elements and attributes, so that you can safely include the content in your web page.
Tags: sanitization html security xss owasp whitelist parser html-sanitizer

Injectify is a modern web-based MiTM tool, similar to BeEF (although completely unrelated in terms of source code). It features cross-platform clients (Web, Desktop, Browser extension).
Tags: mitm xss console-replication typescript nodejs modular reactjs redux webpack github-oauth mongodb

Awesome XSS stuff. Put this repo on watch. I will be updating it regularly. Yep, confirm because alert is too mainstream.
Tags: xss payload xss-payloads payload-list xss-detection xss-cheatsheet

sanitize-html provides a simple HTML sanitizer with a clear API. sanitize-html is tolerant. It is well suited for cleaning up HTML fragments such as those created by ckeditor and other rich text editors. It is especially handy for removing unwanted CSS when copying and pasting from Word.
Tags: xss sanitizer html-sanitizer

HtmlSanitizer is a .NET library for cleaning HTML fragments and documents of constructs that can lead to XSS attacks. It uses AngleSharp to parse, manipulate, and render HTML and CSS. Because HtmlSanitizer is based on a robust HTML parser, it can also shield you from deliberate or accidental "tag poisoning", where invalid HTML in one fragment can corrupt the whole document, leading to broken layout or style.
Tags: xss html sanitizer

HTML Purifier is an HTML filtering solution that uses a unique combination of robust whitelists and aggressive parsing to ensure that not only are XSS attacks thwarted, but the resulting HTML is standards compliant.
Tags: sanitization html security xss owasp whitelist parser html-sanitizer

Latte is a template engine for PHP which eases your work and ensures the output is protected against vulnerabilities such as XSS. Documentation can be found on the website.
Tags: nette nette-framework latte template-engine xss security content-aware safety

Easily integrate Content-Security-Policy headers into your web application, either from a JSON configuration file or programmatically. CSP Builder was created by Paragon Initiative Enterprises as part of our effort to encourage better application security practices.
Tags: csp csp-header json-configuration csp-builder content-security-policy http http-header easy-to-use secure-by-default security xss cross-site-scripting