Security News
Cloudflare Adds Security.txt Setup Wizard
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
dompurify
Advanced tools
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML, and SVG. It helps prevent Cross-Site Scripting (XSS) attacks by sanitizing HTML content to ensure it's safe to insert into the DOM. It is written in JavaScript and works in all modern web browsers.
Sanitizing HTML strings
This feature allows you to sanitize HTML strings to prevent XSS attacks. The code sample demonstrates how to sanitize a string that contains a potentially malicious script. The result of this code would be a safe string with the malicious parts removed.
DOMPurify.sanitize('<img src=x onerror=alert(1)//>');
Configuring the sanitizer
DOMPurify can be configured to allow certain tags, attributes, or schemes. In the code sample, the sanitizer is configured to allow only 'img' tags and will strip out any other tags, including scripts or event handlers.
DOMPurify.sanitize('<img src=x onerror=alert(1)//>', {ALLOWED_TAGS: ['img']});
Hooking into sanitization
DOMPurify allows you to add hooks that can modify the content during the sanitization process. In the code sample, a hook is added that will be called after the attributes of all nodes have been sanitized, allowing for custom manipulation of the nodes.
DOMPurify.addHook('afterSanitizeAttributes', function(node) { /* manipulate node */ });
sanitize-html is another HTML sanitizer that can clean up user-generated HTML, preventing XSS attacks. It is similar to DOMPurify but has a different API and set of defaults. It also allows for a high degree of customization in terms of what tags and attributes are allowed.
xss is a package that aims to filter input from users to prevent XSS attacks. It is similar to DOMPurify but includes different options and is more focused on filtering input as opposed to sanitizing existing HTML content.
FAQs
DOMPurify is a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. It's written in JavaScript and works in all modern browsers (Safari, Opera (15+), Internet Explorer (10+), Firefox and Chrome - as well as almost anything else usin
We found that dompurify demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Cloudflare has launched a setup wizard allowing users to easily create and manage a security.txt file for vulnerability disclosure on their websites.
Security News
The Socket Research team breaks down a malicious npm package targeting the legitimate DOMPurify library. It uses obfuscated code to hide that it is exfiltrating browser and crypto wallet data.
Security News
ENISA’s 2024 report highlights the EU’s top cybersecurity threats, including rising DDoS attacks, ransomware, supply chain vulnerabilities, and weaponized AI.