xss-filters
eslint-plugin-security
xss-filters | eslint-plugin-security | |
---|---|---|
2 | 3 | |
1,022 | 1,861 | |
- | - | |
0.0 | 6.4 | |
- | over 1 year ago | |
JavaScript | JavaScript | |
- | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xss-filters
- Técnicas de Programação Segura em JavaScript
-
How to Secure Nodejs Application.
As you can see in the snippet above, whatever the user puts in the search field, if not found in the database, will be sent back to the user in an unchanged form. What that means is that if an attacker puts JavaScript code instead of the product name in your search bar, the same JavaScript code will be executed. To validate the User input!You can use validator js or xss-filters for that.
eslint-plugin-security
-
How to Secure Nodejs Application.
We talked about automatic vulnerability scanning before, but you can go one step further and catch common security vulnerabilities even while writing the code. How? By using linter plugins like eslint-plugin-security. A security linter will notify you every time you use unsafe code practices (for example using eval or non-literal regex expressions).
- SAST for javascript modules
-
What is DevSecOps (using Heroku Flow as an example)
As an example, let’s consider a simple Node.js application. Developers commonly use ESlint to enforce consistent coding styles and to catch common problems. Enabling ESlint-plugin-security will also identify common security bugs:
What are some alternatives?
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
Retire.js - scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Themis - Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
cidaas SDK for JS - With this SDK, you can integrate cidaas smoothly and with minimal effort into your javascript application. It enables you to map the most important user flows for OAuth2 and OIDC compliant authentication. Secure – Fast – And unrivaled Swabian.
SuperTokens Community - Open source alternative to Auth0 / Firebase Auth / AWS Cognito
openzeppelin-solidity - OpenZeppelin Contracts is a library for secure smart contract development. [Moved to: https://github.com/OpenZeppelin/openzeppelin-contracts]
KeeWeb - Free cross-platform password manager compatible with KeePass
openzeppelin-contracts - OpenZeppelin Contracts is a library for secure smart contract development.