|4 days ago||11 days ago|
|Apache License 2.0||GNU General Public License v3.0 or later|
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Backstage: cryptographic R&D internship at Cossack Labs
4 projects | dev.to | 12 May 2021
Now, the real-world work starts. We introduce interns to the world of popular cryptographic libraries, help them to make their first OSS contributions, and let them practice with our cryptographic library Themis, which provides a high-level crypto API in 14 languages.
Storing Rich Text from ReactJS Editor
2 projects | reddit.com/r/PostgreSQL | 1 Aug 2022
Displaying WYSIWYG editor's output with React
2 projects | reddit.com/r/webdev | 6 Jul 2022
https://www.npmjs.com/package/dompurify or similar libraries can actually do the escaping themselves, but you will be able to set what tags you allow or what not to allow. The list of allowed tags needs to be similar to what you allow in the CKEditor. By using this library to sanitize the input, you will be able to actually use dangerouslySetHtml without issues
Is it recommended to use html templates instead of .innerHTML
Do you trust the Obsidian company?
8 projects | reddit.com/r/ObsidianMD | 21 Apr 2022
DOMPurify [Apache 2.0] or [Mozilla 2.0] https://cure53.de/purify
Building a Serverless Application with Next.js and CockroachDB!
7 projects | dev.to | 13 Mar 2022
To purify the content inside of our input fields, let's use dompurify.
How to choose a third party package
6 projects | dev.to | 4 Dec 2021
As mentioned in Fit your need, many packages try to solve a general problem (thus the size of the package is large). You may only need a small part of the package. Sometimes, your problem is unique and there are no existing third party packages out there that solve it. In those cases, it's a great time for you to do it yourself. I found myself in the early days in the industry spending much time finding a third party package to help me build features. But over time, I more rarely used external packages for my daily tasks. It doesn't mean that I always reinvent the wheel. It means that I know what I am doing and I can seek help from the community when I truly need to (for example, I will never sanitize user input by myself, but use DOMPurify).
VSCode built with jQuery?
2 projects | reddit.com/r/vscode | 17 Oct 2021
How To Parse and Render Markdown In Vuejs
6 projects | dev.to | 26 Aug 2021
Vue does not have as much support for Vue as there is for React. Examples are markdown-it, Remark.js, marked.js. But hopefully in the future, there should be more support, and after much research, I picked marked.js because it has the most stars and has zero vulnerabilities. Marked does not sanitize (meaning it does not secure HTML documents from attacks like cross-site scripting (XSS)) marked output HTML, as that feature is deprecated and has a vulnerability; however, it supports the use of other libraries to secure output HTML, such as DOMPurify (recommended), sanitize-html or insane.
A contentEditable, pasted garbage and caret placement walk into a pub
2 projects | news.ycombinator.com | 23 Jul 2021
I would highly recommend using DOMPurify over sanitize-html. It is a lot smaller in bundle size, it is also well maintained: https://github.com/cure53/DOMPurify
The author mentions building their own sanitizer, which I would recommend against. Maybe for this use case (extracting a few b tags), it’d be fine, but as soon as links are involved: please stand on the shoulders of giants in order to prevent XSS.
Sending Contact Form Messages to Your Email Inbox
2 projects | dev.to | 21 Feb 2021
Since we are dealing with user input, sanitizing it is a good security practice. You can set up any user input sanitizing method you are familiar with; a good start can be DOMPurify.
What are some alternatives?
sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
HtmlSanitizer - Cleans HTML to avoid XSS attacks
Next.js - The React Framework
SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito
cryptography - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
tweetnacl-java - TweetNaCl in Java - a port of TweetNaCl-js
Crypto++ - free C++ class library of cryptographic schemes
Thymeleaf - Thymeleaf is a modern server-side Java template engine for both web and standalone environments.