|2 months ago||17 days ago|
|GNU General Public License v3.0 or later||MIT License|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Introducing xss-shield - protect your Express.js App from XSS Attacks
2 projects | reddit.com/r/webdev | 25 Mar 2023
xss-shield is a powerful middleware package that helps you protect your express.js app from Cross-Site Scripting (XSS) attacks. It's built on top of the popular xss (https://www.npmjs.com/package/xss) package and includes additional features like strict typing
Browser extension - Integrate your features securely
2 projects | dev.to | 16 Feb 2021
There are a few libraries you can use to protect from xss. For instance the xss library on npm.
Add Mastodon replies to your blog
4 projects | dev.to | 27 Dec 2022
One thing to watch out for is that the content of each reply is HTML. To be safe (paranoid), I'm running the HTML through sanitize-html to make sure nobody can inject sketchy HTML into my site.
Made an IMDB application using the TMDB API. The design is a bit similar to what you find on a streaming website. I made this with HTML, SCSS & Vanilla JS. Tips, feedback & suggestions would be greatly appreciated.
3 projects | reddit.com/r/webdev | 26 Jun 2022
Don't forget to sanitize your HTML using https://github.com/apostrophecms/sanitize-html or upcoming feature: https://developer.mozilla.org/en-US/docs/Web/API/HTML_Sanitizer_API because https://nimb.ws/leTXDt
How To Parse and Render Markdown In Vuejs
6 projects | dev.to | 26 Aug 2021
Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerabilities. Marked does not sanitize (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS)) marked output HTML, as that feature is deprecated and has vulnerabilities; however, it supports the use of other libraries to secure output HTML, such as DOMPurify (recommended), sanitize-html or insane.
What are some alternatives?
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks.
Themis - Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
smart-contract-best-practices - A guide to smart contract security best practices
SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito