content
eslint-plugin-no-unsanitized
content | eslint-plugin-no-unsanitized
---|---
123 | 2
8,666 | 214
1.5% | 1.4%
10.0 | 4.6
2 days ago | 12 days ago
Markdown | JavaScript
GNU General Public License v3.0 or later | Mozilla Public License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
content
-
Here are the 10 projects I am contributing to over the next 6 months. Share yours
MDN Web Docs content
-
The character encoding cheat sheet for JS developers
In this article, we've covered the basics of character encoding in JavaScript, including the different encoding standards, how they work, and how to work with them in Node.js and web browsers. We've also covered some best practices for working with character encoding in JavaScript and provided tips and techniques for debugging encoding issues. If you want to learn more about character encoding in JavaScript, there are several resources. The Unicode Consortium's website provides detailed information about the Unicode standard, while the Mozilla Developer Network has extensive documentation on character encoding in JavaScript. Additionally, there are several books on JavaScript that cover this topic in depth, such as "JavaScript: The Definitive Guide" by David Flanagan and "Eloquent JavaScript" by Marijn Haverbeke.
-
Explanation of CSS Gradients
Great job! You've learned all about gradients and now you can use them like a CSS expert. With these skills, you can make your websites more colorful and attractive. You can read more on the MDN website.
-
10 JavaScript Sites Every Web Developer Should Know
(https://developer.mozilla.org/) MDN Web Docs is the go-to resource for comprehensive documentation on JavaScript. From beginner tutorials to advanced references, it covers everything you need to know about JavaScript, including syntax, methods, and APIs.
-
10 Websites Every Web Developer Should Bookmark
(https://developer.mozilla.org/) This is your official guide to all things web development, straight from the team behind the popular Firefox browser. MDN boasts comprehensive documentation on HTML, CSS, JavaScript, and web APIs, making it an invaluable reference for developers of all levels.
-
Developer should-know websites
MDN Web Docs, previously Mozilla Developer Network
-
🔥 Top 10 Best Websites to Learn Coding for Free! 💻
MDN Web Docs MDN Web Docs is an invaluable resource for web developers. From basic syntax to advanced concepts, you'll find comprehensive documentation on HTML, CSS, JavaScript, and more.
-
Next.js: consequence of AppRouter on your CSP
Nonce attribute from MDN
-
Web Development Tools and Resources
MDN Web Docs (Visit Site)
-
Symbiote.js 2.0
In Symbiote.js, almost everything you see should already be familiar to you, directly or indirectly. Unless you're new to frontend. And if you are a beginner, then you can learn the necessary basics on popular sites with documentation on modern specifications, for example MDN.
eslint-plugin-no-unsanitized
-
Escaping user input is ridonkulously hard
Prevent any uses of setting innerHTML or similar functions e.g. via an eslint plugin.
-
HTML Sanitizer API
Great point!
I wanted to edit the comment to change (1) to (server/client) but I passed my edit timeout.
I would include your (5) within (1). `textContent` and other DOM methods like `setAttribute` are effectively secure output-escaping on the client.
Your (5a) is an excellent extra measure. In this area, I'd also add security-focused linting for (1) and (5)–e.g. for (5), to ensure secure DOM methods are used, I use Mozilla's `eslint-plugin-no-unsanitized`[0] plugin for all my personal & work projects.
[0] https://github.com/mozilla/eslint-plugin-no-unsanitized/
What are some alternatives?
Propeller - Propeller - Develop more, Code less. Propeller is a front-end responsive framework based on Google's Material Design Standards & Bootstrap.
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
sorbet - A fast, powerful type checker designed for Ruby
java-html-sanitizer - Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
proposal-pipeline-operator - A proposal for adding a useful pipe operator to JavaScript.
You-Dont-Need-Lodash-Underscore - List of JavaScript methods which you can use natively + ESLint Plugin
synth - The Declarative Data Generator
XO - ❤️ JavaScript/TypeScript linter (ESLint wrapper) with great defaults
bluemonday - bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
gta-css - I made a Grand Theft Auto style demo in CSS 3D (as much as possible) because I'm an idiot with far too much free time.
zeal - Offline documentation browser inspired by Dash