XSS

Escape a string for use in HTML or the inverse

DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist

Sanitize untrusted CSS with a configuration specified by a Whitelist. 根据白名单过滤CSS

Content Security Policy middleware

Middleware to disable the X-XSS-Protection header

Express middleware for the validator module.

hast utility to sanitize nodes

Makes it possible to use DOMPurify on server and client in the same way.

rehype plugin to sanitize HTML

Secure XSS Filters - Just sufficient output filtering to prevent XSS!

Validates XSS related issues of mixing HTML and non-HTML content in variables.

middleware to sanitize user input

Safe replacement for the v-html directive

Jam3 eslint plugin for react

Node.js agent for Sqreen, please see https://www.sqreen.io/

TypeScript definitions for Yahoo XSS Filters

XSS filter extension for showdown

Express middleware for the sanitizer module.

Disallow jQuery functions with XSS potential.

Various XSS-hunter ESLint rules

Various sanitizer, escaper, encoder, and utilities to prevent XSS

Express 4.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.

Escape string for use in html

一个开箱即用的Vue.js插件，可通过简单的方式防止XSS攻击

General purpose I/O module to add following http headers to keep your webpages securing them from malware attacks. This module can be used with any node http server.

merge to `w-statistic`

🛡 Security Module for Nuxt based on OWASP Top 10 and Helmet

Vue.js 2.x and 3.x plugin to add HTML secure directives v-html-remove, v-html-escape, v-html-safe

XSS Secure

Anti-XSS filters for security

A modern oembed client. Allows you to register filters to improve or supply oembed support for sites that don't normally have it. You can also supply a allowlist of services you trust to prevent XSS attacks.

a small script to remove script tags from SVGs

Markdown to HTML using marked and DOMPurify. Safe by default.

A webpack plugin that adds a hash-based strict CSP to help protect your site against XSS attacks.

Safely strip DOM tags from a HTML string to prevent XSS attacks.

Escapes content for prevention of XSS (Cross Site Scripting) attacks.

This module Sanitizes HTML input, stripping all tags and attributes that aren't whitelisted.HTML sanitization can be used to protect against cross-site scripting (XSS) attacks by sanitizing any HTML code submitted by a user.

This package helps to filter the input text that is malicious and intended to attack the server.

Express middleware for the sanitizer module using Caja's HTML Sanitizer and HTML escape using htmlencode.

automatic sanitization of req body fields, params and query. uses caja. automatically does sanitization and escaping as middleware.

Escape a string for use in HTML or the inverse

A support package for web developer.

Mongoose Sanitizer Plugin

Express middleware for the sanitizer module using Caja's HTML Sanitizer.

a complete package to control user input data to prevent Cross Site Scripting (XSS) ,Sql injection and no Sql injection attack

A Backend Server

[](https://travis-ci.org/RisingStack/protect)

To automatically apply context-sensitive XSS output filtering for Handlebars

XSS mitigation for Polymer webcomponents that uses safe html type contracts