eslint-plugin-no-unsanitized
XO
eslint-plugin-no-unsanitized | XO | |
---|---|---|
2 | 10 | |
217 | 7,555 | |
1.8% | 0.4% | |
5.0 | 5.8 | |
8 days ago | 23 days ago | |
JavaScript | JavaScript | |
Mozilla Public License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
eslint-plugin-no-unsanitized
-
Escaping user input is ridonkulously hard
Prevent any uses of setting innerHTML or similar functions e.g. via an eslint plugin.
-
HTML Sanitizer API
Great point!
It wanted to edit the comment to change (1) to (server/client) but I passed my edit timeout.
I would include your (5) within (1). `textContent` and other DOM methods like `setAttribute` are effectively secure output-escaping on the client.
Your (5a) is an excellent extra measure. In this area, I'd also add security-focused linting for (1) and (5)–e.g. for (5), to ensure secure DOM methods are used, I use Mozilla's `eslint-plugin-no-unsanitized`[0] plugin for all my personal & work projects.
[0] https://github.com/mozilla/eslint-plugin-no-unsanitized/
XO
-
Mastering Code Quality: Setting Up ESLint with Standard JS in TypeScript Projects
You may be torn between those famous code styles, struggling to choose one between Airbnb JavaScript Style, Google JavaScript Style Guide, JavaScript Standard Style, or XO, among others.
-
ESLint: Flat Config Rollout Plan
Usually you would pick a config you like and set it up for your project, notable ones are already mentioned but I'll mention more:
- xo https://github.com/xojs/xo
-
Configuring ESLint, Prettier, and TypeScript Together | Josh Goldberg
You might enjoy `xo` :) https://github.com/xojs/xo
- From Ruby to Node: Overhauling Shopify’s CLI for a Better Developer Experience
-
Front-end Guide
XO
-
Code Review chronicles: destructuring, linting and one valid reason for Typescript
The developer told me we could not do that because the linter we are using. (XO)[https://github.com/xojs/xo] started complaining.
-
Yarn.lock: How to Update it
Real world example: you are using create-react-app, and you want to also to use xo, as both come with their own version of ESLint pre-installed, you could end up with 2 ESLint installed.
-
Lint rules updates: a sane and safe approach to fixes
One of the biggest hassles to update was the linter we are using: XO, which is a very opinionated, but customizable linter base on ESlint.
-
JavaScript Influencers to Follow in 2021🤩
Projects: awesome, awesome-nodejs, avajs/ava, xojs/xo
What are some alternatives?
java-html-sanitizer - Takes third-party HTML and produces HTML that is safe to embed in your web application. Fast and easy to configure.
Standard - 🌟 JavaScript Style Guide, with linter & automatic code fixer
big-list-of-naughty-strings - The Big List of Naughty Strings is a list of strings which have a high probability of causing issues when used as user-input data.
ESLint - Find and fix problems in your JavaScript code.
content - The content behind MDN Web Docs
torrent - download torrents with node from the CLI
You-Dont-Need-Lodash-Underscore - List of JavaScript methods which you can use natively + ESLint Plugin
angular-styleguide - Angular Style Guide: A starting point for Angular development teams to provide consistency through good practices.
bluemonday - bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
eslint-config-xo - ESLint shareable config for XO
eslint-plugin-simple-import-sort - Easy autofixable import sorting.
eslint-plugin-svelte3 - An ESLint plugin for Svelte v3 components.