js-xss
Themis
Our great sponsors
js-xss | Themis | |
---|---|---|
4 | 2 | |
5,094 | 1,807 | |
- | 0.8% | |
4.8 | 5.9 | |
about 2 months ago | 3 months ago | |
HTML | C | |
GNU General Public License v3.0 or later | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
js-xss
-
Introducing xss-shield - protect your Express.js App from XSS Attacks
xss-shield is a powerful middleware package that helps you protect your express.js app from Cross-Site Scripting (XSS) attacks. It's built on top of the popular xss (https://www.npmjs.com/package/xss) package and includes additional features like strict typing
-
Is there any package that trims html tags?
I personally always tend to use this one. It's lightweight, configurable and has Typescript support built in
-
Storing user input html in a database for others users to see
Searching for XSS specifically actually comes up with a few - https://www.npmjs.com/package/xss looks solid. I was being to literal in my search! Should have tried bing.
-
Browser extension - Integrate your features securely
There are a few libraries you can use to protect from xss. For instance the xss library on npm.
Themis
- Themis: Strong, usable cryptography for busy people
-
Backstage: cryptographic R&D internship at Cossack Labs
Now, the real world work starts. We introduce interns to the world of popular cryptographic libraries, help them to make their first OSS contributions, and let them practice with our cryptographic library Themis which provides a high-level crypto API on 14 languages.
What are some alternatives?
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
tweetnacl-java - TweetNaCl in Java - a port of TweetNaCl-js
xss-filters
cryptography - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
Retire.js - scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
snyk - Snyk CLI scans and monitors your projects for security vulnerabilities. [Moved to: https://github.com/snyk/cli]
cidaas SDK for JS - With this SDK, you can integrate cidaas smoothly and with minimal effort into your javascript application. It enables you to map the most important user flows for OAuth2 and OIDC compliant authentication. Secure – Fast – And unrivaled Swabian.
NeDB - The JavaScript Database, for Node.js, nw.js, electron and the browser
showdown - A bidirectional Markdown to HTML to Markdown converter written in Javascript
Crypto++ - free C++ class library of cryptographic schemes