Our great sponsors
-
bluemonday
bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
Of course, the problem is there are many different ways of giving thanks, so a protocol is required, that's the hard part actually in this space, standardization.
[1] https://github.com/ly3xqhl8g9/delicense
I'm on the receiving end of donations from sourcegraph for this. It's around $10 per month from that single donation and is for the only Go HTML santizer, which you use when you have user generated / untrusted input that you need to display as HTML. https://github.com/microcosm-cc/bluemonday
For me the library has been good enough for my own use for a very very long time. I mostly neglect it unless there's some critical issue. I don't improve it at all as my time is better spent on my day job.
I've often thought that there's room for improvement such as a DOM style santizer to validate input rather than just a SAX style sanitizer, perhaps formatting of output in addition to sanitising input, transformation rules, etc.
When I got the donation I was surprised, first ever bit of support for open source software I'd written (as this was not written on company dime).
Even at $10 per month it's motivating enough to think someone values it. If it accrues into something significant I may actually feel motivated to improve it.
Interesting is that I'd regard this as successful by usage, it's used by virtually everything in the Go world that makes a website.
Perhaps people don't know it exists though? And for that awareness thanks to thanks.dev
There are several similar services out there, some of them are listed in the patronage section of the FOSSjobs wiki:
https://github.com/fossjobs/fossjobs/wiki/resources#patronag...
Why Array.isArray() when you can require("is-array").isArray()?
deep-equal has 43 packages that are mostly has-*, is-* packages (https://npmgraph.js.org/?q=deep-equal) and you’ll find this package included in a lot of upstream libraries.
Related posts
- LongRoPE: Extending LLM Context Window Beyond 2M Tokens
-
utype VS pydantic - a user suggested alternative
2 projects | 15 Feb 2024
- Show HN: Hucksh – A Shell with a Good Memory
- If you're late, consider creating your CV with this Python code: RenderCV
- The Windows installer of ImageMagick will no longer be signed