| eslint-plugin-no-unsanitized | XO |
|---|---|
| 2 | 9 |
| 215 | 7,551 |
| 0.9% | 0.4% |
| 4.6 | 5.8 |
| 11 days ago | 4 days ago |
| JavaScript | JavaScript |
| Mozilla Public License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
eslint-plugin-no-unsanitized
- Escaping user input is ridonkulously hard
Prevent any use of setting innerHTML or similar functions, e.g. via an eslint plugin.
- HTML Sanitizer API
Great point!
I wanted to edit the comment to change (1) to (server/client) but I passed my edit timeout.
I would include your (5) within (1). `textContent` and other DOM methods like `setAttribute` are effectively secure output-escaping on the client.
Your (5a) is an excellent extra measure. In this area, I'd also add security-focused linting for (1) and (5), e.g. for (5), to ensure secure DOM methods are used, I use Mozilla's `eslint-plugin-no-unsanitized`[0] plugin for all my personal & work projects.
[0] https://github.com/mozilla/eslint-plugin-no-unsanitized/
XO
- ESLint: Flat Config Rollout Plan
Usually you would pick a config you like and set it up for your project, notable ones are already mentioned but I'll mention more:
- xo https://github.com/xojs/xo
- Configuring ESLint, Prettier, and TypeScript Together | Josh Goldberg
You might enjoy `xo` :) https://github.com/xojs/xo
- From Ruby to Node: Overhauling Shopify’s CLI for a Better Developer Experience
- Front-end Guide
XO
- Code Review chronicles: destructuring, linting and one valid reason for Typescript
The developer told me we could not do that because the linter we are using ([XO](https://github.com/xojs/xo)) started complaining.
- Yarn.lock: How to Update it
Real world example: you are using create-react-app, and you also want to use xo; as both come with their own version of ESLint pre-installed, you could end up with 2 ESLints installed.
- Lint rules updates: a sane and safe approach to fixes
One of the biggest hassles to update was the linter we are using: XO, which is a very opinionated, but customizable, linter based on ESLint.
- JavaScript Influencers to Follow in 2021🤩
Projects: awesome, awesome-nodejs, avajs/ava, xojs/xo
What are some alternatives?
java-html-sanitizer - Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Standard - 🌟 JavaScript Style Guide, with linter & automatic code fixer
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
ESLint - Find and fix problems in your JavaScript code.
content - The content behind MDN Web Docs
torrent - download torrents with node from the CLI
You-Dont-Need-Lodash-Underscore - List of JavaScript methods which you can use natively + ESLint Plugin
angular-styleguide - Angular Style Guide: A starting point for Angular development teams to provide consistency through good practices.
bluemonday - bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
eslint-config-xo - ESLint shareable config for XO
eslint-plugin-simple-import-sort - Easy autofixable import sorting.
eslint-plugin-svelte3 - An ESLint plugin for Svelte v3 components.