xss-filters
openzeppelin-contracts
Our great sponsors
xss-filters | openzeppelin-contracts | |
---|---|---|
2 | 234 | |
1,022 | 24,109 | |
- | 1.7% | |
0.0 | 9.5 | |
- | 2 days ago | |
JavaScript | JavaScript | |
- | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
xss-filters
- Técnicas de Programação Segura em JavaScript
-
How to Secure Nodejs Application.
As you can see in the snippet above, whatever the user puts in the search field, if not found in the database, will be sent back to the user in an unchanged form. What that means is that if an attacker puts JavaScript code instead of the product name in your search bar, the same JavaScript code will be executed. To validate the User input!You can use validator js or xss-filters for that.
openzeppelin-contracts
-
Mode - Comprehensive Starter Guide
// SPDX-License-Identifier: GPL-3.0 pragma solidity ^0.8.20; import "https://github.com/OpenZeppelin/openzeppelin-contracts/blob/v5.0.0/contracts/token/ERC20/ERC20.sol"; interface Sfs { function register(address _recipient) external returns (uint256 tokenId); } contract ModeToken is ERC20 { address feeReceiver = msg.sender; constructor() ERC20("ModeTokenSFSTest", "SFST2") { //Example amount to mint our ERC20 _mint(msg.sender, 1000 10 * 18); // This is the SFS contract address on testnet Sfs sfsContract = Sfs(0xBBd707815a7F7eb6897C7686274AFabd7B579Ff6); //Registers this contract and assigns the NFT //to the deployer of this contract sfsContract.register(msg.sender); } }
-
Blockchain transactions decoding: making wallet activity understandable
Lets look the events of Open Zeppelin’s ERC20 token contract:
- Construir e implementar un VAULT (bóveda) ERC20 en Shardeum
-
Are ERC-777 Unsafe?
ERC-777 is difficult to implement properly, due to its susceptibility to different forms of attack(opens in a new tab). It is recommended to use ERC-20 instead. This page remains as a historical archive.
- OpenZeppelin is trying to avoid paying a bounty for a vulnerability that caused $1,1B worth of assets freeze
- Security improvements of the ERC20 token standard
- Ethereums most used token standard ERC20 requires security enhancements
- The most used Ethereums token standard (ERC20) requires a security patch.
What are some alternatives?
DOMPurify - DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
solmate - Modern, opinionated, and gas optimized building blocks for smart contract development.
js-xss - Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist
hardhat - Hardhat is a development environment to compile, deploy, test, and debug your Ethereum software.
sanitize-html - Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
ERC721A - https://ERC721A.org
Retire.js - scanner detecting the use of JavaScript libraries with known vulnerabilities. Can also generate an SBOM of the libraries it finds.
Safemoon.sol - safemoon contract
Themis - Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms.
solidity - Solidity, the Smart Contract Programming Language
cidaas SDK for JS - With this SDK, you can integrate cidaas smoothly and with minimal effort into your javascript application. It enables you to map the most important user flows for OAuth2 and OIDC compliant authentication. Secure – Fast – And unrivaled Swabian.
truffle - :warning: The Truffle Suite is being sunset. For information on ongoing support, migration options and FAQs, visit the Consensys blog. Thank you for all the support over the years.