eslint-plugin-no-unsanitized VS big-list-of-naughty-strings

Compare eslint-plugin-no-unsanitized vs big-list-of-naughty-strings and see what are their differences.

eslint-plugin-no-unsanitized

Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike (by mozilla)
Security eslint-plugin
Source Code
Suggest alternative
Edit details

big-list-of-naughty-strings

The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data. (by minimaxir)
Suggest topics
Source Code
Suggest alternative
Edit details
SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
surveyjs.io
featured
InfluxDB - Power Real-Time Data Analytics at Scale
Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
www.influxdata.com
featured
eslint-plugin-no-unsanitized big-list-of-naughty-strings
2 41
215 45,851
0.9% -
4.6 0.0
11 days ago 15 days ago
JavaScript Python
Mozilla Public License 2.0 MIT License
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

eslint-plugin-no-unsanitized

Posts with mentions or reviews of eslint-plugin-no-unsanitized. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-10-17.
  • Escaping user input is ridonkulously hard
    2 projects | /r/programming | 17 Oct 2022
    Prevent any uses of setting innerHTML or similar functions e.g. via an eslint plugin.
  • HTML Sanitizer API
    5 projects | news.ycombinator.com | 6 May 2021
    Great point!

    It wanted to edit the comment to change (1) to (server/client) but I passed my edit timeout.

    I would include your (5) within (1). `textContent` and other DOM methods like `setAttribute` are effectively secure output-escaping on the client.

    Your (5a) is an excellent extra measure. In this area, I'd also add security-focused linting for (1) and (5)–e.g. for (5), to ensure secure DOM methods are used, I use Mozilla's `eslint-plugin-no-unsanitized`[0] plugin for all my personal & work projects.

    [0] https://github.com/mozilla/eslint-plugin-no-unsanitized/

big-list-of-naughty-strings

Posts with mentions or reviews of big-list-of-naughty-strings. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2024-01-20.

What are some alternatives?

When comparing eslint-plugin-no-unsanitized and big-list-of-naughty-strings you can also consider the following projects:

java-html-sanitizer - Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.

SecLists - SecLists is the security tester's companion. It's a collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.

content - The content behind MDN Web Docs

CheatSheetSeries - The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

You-Dont-Need-Lodash-Underscore - List of JavaScript methods which you can use natively + ESLint Plugin

ms-teams-rce

XO - ❤️ JavaScript/TypeScript linter (ESLint wrapper) with great defaults

javascript-questions - A long list of (advanced) JavaScript questions, and their explanations :sparkles:

bluemonday - bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

33-js-concepts - 📜 33 JavaScript concepts every developer should know.

WSL - Issues found on WSL

eslint-plugin-no-unsanitized vs java-html-sanitizer big-list-of-naughty-strings vs SecLists eslint-plugin-no-unsanitized vs content big-list-of-naughty-strings vs CheatSheetSeries eslint-plugin-no-unsanitized vs You-Dont-Need-Lodash-Underscore big-list-of-naughty-strings vs ms-teams-rce eslint-plugin-no-unsanitized vs XO big-list-of-naughty-strings vs javascript-questions eslint-plugin-no-unsanitized vs bluemonday big-list-of-naughty-strings vs content big-list-of-naughty-strings vs 33-js-concepts big-list-of-naughty-strings vs WSL