showdown VS js-xss

Compare showdown vs js-xss and see what are their differences.

showdown

A bidirectional Markdown to HTML to Markdown converter written in Javascript (by showdownjs)

js-xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist (by leizongmin)
Our great sponsors
  • SurveyJS - Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • WorkOS - The modern identity platform for B2B SaaS
showdown js-xss
14 4
13,858 5,087
0.8% -
0.0 4.8
8 days ago 26 days ago
JavaScript HTML
MIT License GNU General Public License v3.0 or later
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.

showdown

Posts with mentions or reviews of showdown. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2022-11-03.
  • How do I display a markdown table on a website with go backend?
    3 projects | /r/golang | 3 Nov 2022
    So you're going to need a Markdown parser that produces HTML. But there's a question of where is the data coming from and where you you want to process it? If it's going to be all on the frontend like a text editor, use a JS library for it (a quick google search produces ShowdownJS)
  • Docusaurus first impression and stealing like an open sourcer
    7 projects | dev.to | 31 Oct 2022
    Previously, I was required to implement the markdown support manually which meant that the use of public libraries was prohibited. My tool could only support limited styling elements such as header1, header2, links, bold and italics, but now I can finally let my tool have a full markdown support by using Showdown.
  • I made a full-stack portfolio site using Next.js and Tailwind!
    7 projects | dev.to | 18 Oct 2022
    The first two ages are very heavy on content so I decided to use markdown and tailwind’s typography plugin for styling. I also used showdown to fetch the markdown and turn it into HTML. The code for the above can be found on the site’s GitHub repository.
  • Markdown-Tag: Add Markdown to any HTML using a <md> tag
    2 projects | /r/webdev | 3 Jun 2022
    It looks like it uses showdown as the engine.
  • A Colorful Textarea
    2 projects | dev.to | 20 Dec 2021
    Adding syntax highlighting to an input field can be a hard task. supports neither styling of individual characters or words, nor HTML tags within itself, there is no fully supported native solution for that. Most editors work with contenteditable to actually render a fully marked up code snippet and let the user edit its content. This requires a lot of work to get it accessible (as in restore all the native functions of a textarea) and still adds a lot of complexity.
    If you don't want that and are just looking for a quick, dead-simple solution: Here's how to colorize a textarea.

    Solution

    The trick is to separate the input element from the displayed one. We can't color the content of a textarea, but we can make it invisible and replace it with marked up content. This works with monospaced fonts and fonts with a uniform width across normal, bold and italic characters. I'm using this for code and markdown, so that's perfectly acceptable for me. We also need to be careful to match the dimensions of the textarea exactly while only using font-relative units like em, to ensure that the highlight element scales well with the invisible textarea. The cursor is still in the textarea's context, while the text itself is rendered in the highlight element. We want to match every character of the textarea to match the highlighted one on a pixel-perfect basis.

    A 3D explosion schema of the layout. In the background is a greyed out textarea with a colored cursor after the last character. It's content is a code snipet of an empty html5 page. The foreground is the same text, but syntax-highlighted in bright colors. The cursor of the textarea reaches into the foreground.

    I also need to auto-resize my textarea. Since textareas usually scroll vertically, that would mess up the position matching with the highlight element. Auto-resizing seems like a graceful workaround to me.

    The highlghting itself would work with every code parser. I'm using highlight.js to convert markdown to syntax-highlighted HTML. I listen for content changes in the textarea and parse new rendered code on every input. To counter the worst performance hits, I'll just use requestAnimationFrame. Debouncing isn't an option here, because the user would only see what they've written after they've finished typing. That'd be very poor UX.

    Demo

    Note that this example also displays the rendered Markdown in a separate element. I'll use the change listener that I already have to splice in a Markdown renderer: Showdown.

    Pros

    • as accessible as a textarea
    • is a progressively enhanced feature
    • can be styled exactly to your needs
    • dead simple solution compared to a rich text editor

    Cons

    • has performance issues with large texts (as do textareas in general)
    • works only with monospaced fonts
    • works only with auto-sizing textareas

    This article was written in a textarea :)

  • Browser extension - Integrate your features securely
    2 projects | dev.to | 16 Feb 2021
    In order to transform the Markdown to HTLM, we can use a generator such as showdown. It's really easy to use:
  • CSS style to make HTML look like raw markdown
    2 projects | /r/Markdown | 7 Feb 2021
    or are you asking general technical question about markdown handling? there are existing solution which already do two-way convertion, including showdown and reddit comment box, the secret to make them "live" is to update both fields on key-down even

js-xss

Posts with mentions or reviews of js-xss. We have used some of these posts to build our list of alternatives and similar projects. The last one was on 2023-03-25.

What are some alternatives?

When comparing showdown and js-xss you can also consider the following projects:

DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance

xss-filters

remarkable - Markdown parser, done right. Commonmark support, extensions, syntax plugins, high speed - all in one. Gulp and metalsmith plugins available. Used by Facebook, Docusaurus and many others! Use https://github.com/breakdance/breakdance for HTML-to-markdown conversion. Use https://github.com/jonschlinkert/markdown-toc to generate a table of contents.

Themis - Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.

Retire.js - scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.

cidaas SDK for JS - With this SDK, you can integrate cidaas smoothly and with minimal effort into your javascript application. It enables you to map the most important user flows for OAuth2 and OIDC compliant authentication. Secure – Fast – And unrivaled Swabian.

Markdig - A fast, powerful, CommonMark compliant, extensible Markdown processor for .NET

smart-contract-best-practices - A guide to smart contract security best practices

SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito

markdown-raw - CSS style to make HTML look like raw markdown

node-html-to-text - Advanced html to text converter