Your rich text could be a cross-site scripting vulnerability

This page summarizes the projects mentioned and recommended in the original post on dev.to.

  1. sxss-vulnerability-demo-app

    This is a demo application that demonstrates proper sanitization of raw HTML entered via a rich text editor.

    To run this application, first clone this demo app repo and follow the "Running the application" instructions in the readme.md file.

  2. DOMPurify

    DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks.

    Let's take a look at how we implement sanitization in the secure version of our vulnerable application. Since this application is primarily written using JavaScript, we use the dompurify library for the client side and the isomorphic-dompurify library for server-side sanitization. In the app.js program that acts as our web server, you will find an express endpoint /sanitized with a GET and POST implementation:

  3. github-writer

    GitHub Writer - WYSIWYG Rich-Text Editor for GitHub, powered by CKEditor.

    Another sign that your application might be vulnerable to SXSS is simply whether or not you are using a rich text editor, such as TinyMCE or CKEditor.
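The GET/POST pair on /sanitized that the excerpt above describes, as an added example; this is not code from the original post or from the sxss-vulnerability-demo-app repository. Express, the HTTP layer and the database are modelled as plain objects so the file runs under `node` with no packages installed. `allowlistSanitize` is a deliberately small stand-in for `DOMPurify.sanitize(html, { ALLOWED_TAGS: [...] })` from isomorphic-dompurify, present only so the example runs offline; the tag allowlist, the `createApp` helper, the in-memory `posts` store and the `ATTACK` payload are all constructed for this example.

```javascript
// Added example: a plain-object model of the demo app's /sanitized endpoints.
// Not code from the original post or from sxss-vulnerability-demo-app.

// Elements the editor is allowed to produce (assumed set). Everything else is
// dropped; text inside a dropped element survives as entity-encoded text.
const ALLOWED_TAGS = new Set(['p', 'br', 'b', 'i', 'em', 'strong', 'ul', 'ol', 'li', 'a']);
const VOID_TAGS = new Set(['br']);

// Entity-encode text and attribute values; already-encoded entities are kept as-is.
function escapeHtml(text) {
  return text
    .replace(/&(?!(?:[a-zA-Z]+|#\d+|#x[0-9a-fA-F]+);)/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;');
}

// Only http(s) links are kept on <a>; javascript:, data:, vbscript: and the rest are dropped.
function safeHref(attrs) {
  const m = /\bhref\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i.exec(attrs);
  if (!m) return null;
  const value = (m[1] ?? m[2] ?? m[3]).trim();
  return /^https?:\/\//i.test(value) ? value : null;
}

// Stand-in for DOMPurify.sanitize(html, { ALLOWED_TAGS: [...] }) so the file runs
// offline. It is an allowlist: the output is rebuilt only from tags this function
// emits plus entity-encoded text, so no raw input reaches the page. Unlike DOMPurify
// it does not parse with a real DOM, so it neither removes the body of a dropped
// <script> nor repairs unbalanced tags. Use DOMPurify in a real application.
function allowlistSanitize(html) {
  const out = [];
  const tokenRe = /<(\/?)([a-zA-Z][a-zA-Z0-9]*)([^>]*)>|[^<]+|</g;
  let m;
  while ((m = tokenRe.exec(html)) !== null) {
    const [token, slash, name, attrs] = m;
    if (name === undefined) {                      // text, or a stray '<' that is not a tag
      out.push(escapeHtml(token));
      continue;
    }
    const tag = name.toLowerCase();
    if (!ALLOWED_TAGS.has(tag)) continue;          // <img>, <script>, <svg>, <iframe> ... gone
    if (slash) {
      if (!VOID_TAGS.has(tag)) out.push(`</${tag}>`);
      continue;
    }
    if (tag === 'a') {
      const href = safeHref(attrs);                // every other attribute is dropped
      out.push(href ? `<a href="${escapeHtml(href)}">` : '<a>');
    } else {
      out.push(`<${tag}>`);                        // no attributes survive: onerror, style, ...
    }
  }
  return out.join('');
}

// Model of app.js: `sanitize` runs on the server, at the storage boundary, so it
// still runs when the rich text editor (and its client-side DOMPurify) is bypassed
// by posting to /sanitized directly.
function createApp(sanitize) {
  const posts = [];                                // constructed in-memory store
  return {
    // POST /sanitized  (req.body.content is the HTML the editor produced)
    post(req) {
      const content = typeof req.body?.content === 'string' ? req.body.content : '';
      posts.push(sanitize(content));
      return { status: 302, location: '/sanitized' };
    },
    // GET /sanitized  (renders every stored post into the page)
    get() {
      const articles = posts.map((p) => `<article>${p}</article>`).join('');
      return { status: 200, body: `<!doctype html><main>${articles}</main>` };
    },
  };
}

// Vulnerable version stores exactly what the client sent; hardened version sanitizes first.
const vulnerableApp = createApp((html) => html);
const hardenedApp = createApp(allowlistSanitize);

// Constructed attacker request, sent with curl, so no editor-side sanitizer ever ran.
const ATTACK = '<p>hello</p><img src=x onerror="alert(document.cookie)">'
  + '<a href="javascript:alert(1)">click</a>';
vulnerableApp.post({ body: { content: ATTACK } });
hardenedApp.post({ body: { content: ATTACK } });
console.log('vulnerable:', vulnerableApp.get().body);
console.log('hardened:  ', hardenedApp.get().body);
```

The hardened store ends up holding `<p>hello</p><a>click</a>`: the `<img>` is not on the allowlist so it disappears, and the `javascript:` href is stripped while the link text is kept, which is the same shape of result DOMPurify gives. The check worth keeping from this is the bypass: the attacker never loaded the editor, so a client-only dompurify call would have protected nothing, and the server-side copy is the one that has to be authoritative.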

NOTE: The number of mentions on this list indicates mentions on common posts plus user-suggested alternatives. Hence, a higher number means a more popular project.


Related posts

  • Understanding Cross-Site Scripting (XSS): A Quick Reference

    1 project | dev.to | 28 Oct 2024
  • Mitigate XSS exploits when using React's `dangerouslySetInnerHTML`

    1 project | dev.to | 12 Sep 2024
  • Navigating the Security Risks of Arbitrary Values in Tailwind CSS

    1 project | dev.to | 15 Aug 2024
  • Safely Handling HTML in React

    1 project | dev.to | 15 Jun 2024
  • Launched my Social Media website for lonely people living abroad, all thanks to NextJS!

    1 project | /r/nextjs | 8 Dec 2023
