inject
bluemonday
| inject | bluemonday | |
|---|---|---|
| - | 8 | |
| 1,282 | 3,340 | |
| - | 1.7% | |
| 0.0 | 5.5 | |
| almost 7 years ago | 3 months ago | |
| Go | Go | |
| - | BSD 3-clause "New" or "Revised" License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
inject
We haven't tracked posts mentioning inject yet.
Tracking mentions began in Dec 2020.
bluemonday
- Don't try to sanitize input. Escape output. (2020)
-
Geomys, a blueprint for a sustainable open-source maintenance firm
I'm really glad to see `bluemonday` in such company, but I'm also really happy to hand over the reigns to a group of engineers that can focus on OSS.
I am the author of https://github.com/microcosm-cc/bluemonday but being a maintainer is a journey, you make a tool for yourself, you realise others will benefit and open it up to others... time passes... and then you realise you are that tiny pillar in the XKCD comic about dependencies, and that when you make a casual update to the project that multiple security companies ping you to ask the impact and scope of the change, implications, and of course others ping you to say that it breaks their individual workflow.
I've known Filippo for almost as long as that library has existed, and I know it's in a safe pair of hands, and that Geomys is going to be a good home to all of the OSS projects that they have in their portfolio.
It's definitely a journey, how should these foundational elements be supported and funded? This is one answer to that question, and I'm glad it exists as my spare cycles were very few.
-
Sponsor the open source projects you depend on
I'm on the receiving end of donations from sourcegraph for this. It's around $10 per month from that single donation and is for the only Go HTML santizer, which you use when you have user generated / untrusted input that you need to display as HTML. https://github.com/microcosm-cc/bluemonday
For me the library has been good enough for my own use for a very very long time. I mostly neglect it unless there's some critical issue. I don't improve it at all as my time is better spent on my day job.
I've often thought that there's room for improvement such as a DOM style santizer to validate input rather than just a SAX style sanitizer, perhaps formatting of output in addition to sanitising input, transformation rules, etc.
When I got the donation I was surprised, first ever bit of support for open source software I'd written (as this was not written on company dime).
Even at $10 per month it's motivating enough to think someone values it. If it accrues into something significant I may actually feel motivated to improve it.
Interesting is that I'd regard this as successful by usage, it's used by virtually everything in the Go world that makes a website.
Perhaps people don't know it exists though? And for that awareness thanks to thanks.dev
-
How to secure POST API endpoint getting rich text editor HTML string
bluemonday is an html sanitizer you could try
-
Does anyone know of an HTML parser that would allow me to manipulate the HMTL? Namely I'm interested in stripping all attributes from strings.
For sanitizing html input at work we use https://github.com/microcosm-cc/bluemonday.
- Bluemonday: A fast Golang HTML sanitizer
-
How to validate a string is a valid HTML tag/attribute?
Sounds like a task for bluemonday.
- HTML Sanitizer API
What are some alternatives?
sh - A shell parser, formatter, and interpreter with bash support; includes shfmt
GoQuery - A little like that j-thing, only in Go.
toml - TOML parser for Golang with reflection.
go-pkg-xmlx
slug - URL-friendly slugify with multiple languages support.
jsonpath - JSONPath with dot notation generator for golang