If you're using an external view engine, or a JavaScript framework like React in addition to your Ruby backend, the same rule applies on the client: never insert untrusted HTML into the DOM unsanitized. A client-side allowlist sanitizer such as the DOMPurify library (for HTML, SVG and MathML) fills the role that the server-side sanitization methods above play in Ruby.
It can be challenging to keep up with security best practices. In addition to watching for vulnerability reports, you can also run regular scans on your codebase with a SAST tool like Bearer CLI. It's a free way to get practical security feedback on your Ruby code. Check it out on GitHub at bearer/bearer.
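The client-side counterpart, as an added example that is not part of the original post or of the DOMPurify project's own documentation: a React component that passes server-supplied HTML through DOMPurify with a tightened allowlist before handing it to `dangerouslySetInnerHTML`. The component names (`SafeHtml`, `UnsafeHtml`), the allowlist contents and the sample input are assumptions chosen for illustration; `DOMPurify.sanitize`, the `ALLOWED_TAGS`/`ALLOWED_ATTR`/`ALLOWED_URI_REGEXP` options and `addHook('afterSanitizeAttributes', ...)` are DOMPurify's real API.

```jsx
import React from 'react';
import DOMPurify from 'dompurify';

// Hypothetical policy: stricter than DOMPurify's default. Start from what the
// feature actually needs (basic formatting and links) and grow it deliberately.
const SANITIZE_CONFIG = {
  ALLOWED_TAGS: ['p', 'br', 'b', 'strong', 'i', 'em', 'ul', 'ol', 'li', 'a', 'code', 'pre'],
  ALLOWED_ATTR: ['href', 'title'],
  // Only absolute http(s)/mailto links survive; javascript:, data:, vbscript: and
  // relative URLs are all stripped. Loosen this if the app needs relative links.
  ALLOWED_URI_REGEXP: /^(?:https?:|mailto:)/i,
};

// Registered once at module load. Runs after attributes have been filtered, so
// attributes set here survive even though they are not in ALLOWED_ATTR.
DOMPurify.addHook('afterSanitizeAttributes', (node) => {
  if (node.tagName === 'A' && node.hasAttribute('href')) {
    node.setAttribute('target', '_blank');
    node.setAttribute('rel', 'noopener noreferrer');
  }
});

// The unsafe pattern: whatever the backend (or an attacker who got past it)
// sent is parsed and executed by the browser.
export function UnsafeHtml({ html }) {
  return <div dangerouslySetInnerHTML={{ __html: html }} />;
}

// The hardened pattern: sanitize at render time, right before insertion, so the
// policy is enforced regardless of where the HTML came from or when it was stored.
export function SafeHtml({ html }) {
  const clean = DOMPurify.sanitize(html, SANITIZE_CONFIG);
  return <div dangerouslySetInnerHTML={{ __html: clean }} />;
}

// Constructed sample payload for a manual check. With SANITIZE_CONFIG above,
// the <img> element is dropped entirely (not an allowed tag), the javascript:
// href is removed from the first link, and the https: link keeps its href and
// gains target/rel from the hook. The <p> and <b> text content is preserved.
export const SAMPLE_UNTRUSTED_HTML =
  '<p>Hi <b>there</b></p>' +
  '<img src=x onerror="alert(document.cookie)">' +
  '<a href="javascript:alert(1)">click</a>' +
  '<a href="https://example.com/">docs</a>';
```

Sanitize on the client immediately before insertion rather than once on the server at save time: DOMPurify's output depends on the browser's own HTML parser, fixes ship in the library, and a stored "clean" string offers no protection if the storage path or a second consumer later changes. If you add Trusted Types enforcement via CSP, `DOMPurify.sanitize(html, { ...SANITIZE_CONFIG, RETURN_TRUSTED_TYPE: true })` returns a `TrustedHTML` object that the DOM sink will accept.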