Top 7 JavaScript Xss Projects

Xss

• Add a project

1. DOMPurify

   1 50 15,114 8.8 JavaScript

   DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

   

   Project mention: Your rich text could be a cross-site scripting vulnerability | dev.to | 2024-12-16

   Let's take a look at how we implement sanitization in the secure version of our vulnerable application. Since this application is primarily written using JavaScript, we use the dompurify library for the client side and the isomorphic-dompurify library for server-side sanitization. In the app.js program that acts as our web server, you will find an express endpoint /sanitized with a GET and POST implementation:

2. SurveyJS

   surveyjs.io featured

   JavaScript Form Builder with No-Code UI & Built-In JSON Schema Editor. Add the SurveyJS white-label form builder to your JavaScript app (React/Angular/Vue3). Build complex JSON forms without coding. Fully customizable, works with any backend, perfect for data-heavy apps. Learn more.

   

3. AwesomeXSS

   2 2 4,910 2.9 JavaScript

   Awesome XSS stuff

   

4. Tiny-XSS-Payloads

   3 1 2,088 5.0 JavaScript

   A collection of tiny XSS Payloads that can be used in different contexts. https://tinyxss.terjanq.me

   

5. HackVault

   4 3 1,985 0.0 JavaScript

   A container repository for my public web hacks!

   

6. noscript

   5 63 917 9.4 JavaScript

   The popular NoScript Security Suite browser extension.

   

   Project mention: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger | news.ycombinator.com | 2025-02-19

   > In each of the fake group invites, JavaScript code that typically redirects the user to join a Signal group has been replaced by a malicious block containing the Uniform Resource Identifier (URI) used by Signal to link a new device to Signal (i.e., "sgnl://linkdevice?uuid="), tricking victims into linking their Signal accounts to a device controlled by UNC5792.

   Missing from their recommendations: Install No Script: https://noscript.net/

7. isomorphic-dompurify

   6 1 472 8.4 JavaScript

   Use DOMPurify on server and client in the same way

   

8. sanitizer-polyfill

   7 1 67 7.0 JavaScript

   rewrite constructor arguments, call DOMPurify, profit

   

9. Civic Auth

   www.civic.com featured

   Auth in Less Than 5 Minutes. Civic Auth comes with multiple SSO options, optional embedded wallets, and user management — all implemented with just a few lines of code. Start building today.

   

JavaScript Xss related posts

• Your rich text could be a cross-site scripting vulnerability

  3 projects | dev.to | 16 Dec 2024

• How to use Tor - Part 1 - Motivation

  1 project | dev.to | 13 Dec 2024

• Understanding Cross-Site Scripting (XSS): A Quick Reference

  1 project | dev.to | 28 Oct 2024

• How to Encrypt JavaScript Code for Web Security

  3 projects | dev.to | 25 Oct 2024

• Securing JavaScript Applications: Common Vulnerabilities and How to Avoid Them

  2 projects | dev.to | 15 Sep 2024

• Mitigate XSS exploits when using React's `dangerously SetInnerHTML`

  1 project | dev.to | 12 Sep 2024

• Navigating the Security Risks of Arbitrary Values in Tailwind CSS

  1 project | dev.to | 15 Aug 2024
• A note from our sponsor - InfluxDB
  www.influxdata.com | 15 May 2025

  InfluxDB 3 OSS is now GA. Transform, enrich, and act on time series data directly in the database. Automate critical tasks and eliminate the need to move data externally. Download now. Learn more →

Index

Sponsored

JavaScript Form Builder with No-Code UI & Built-In JSON Schema Editor

Add the SurveyJS white-label form builder to your JavaScript app (React/Angular/Vue3). Build complex JSON forms without coding. Fully customizable, works with any backend, perfect for data-heavy apps. Learn more.

surveyjs.io

Do not miss the trending JavaScript projects with our weekly report!