Socket
Socket
Sign inDemoInstall

xss

Package Overview
Dependencies
Maintainers
1
Versions
71
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

xss

Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist


Version published
Weekly downloads
2.4M
decreased by-3.25%
Maintainers
1
Weekly downloads
 
Created

What is xss?

The xss npm package is a library designed to sanitize input from users to prevent Cross-Site Scripting (XSS) attacks. It filters input from the user and escapes or removes any potentially malicious scripts, ensuring that the output is safe to display on web pages.

What are xss's main functionalities?

HTML Filtering

This feature allows you to filter out any HTML tags and content that could lead to XSS attacks, leaving only the safe content.

const xss = require('xss');
let html = '<script>alert("xss");</script><div>safe content</div>';
let safeHtml = xss(html);
console.log(safeHtml); // Output: '<div>safe content</div>'

Custom Rule Configuration

This feature allows you to define custom rules for what HTML tags and attributes are allowed, giving you fine-grained control over the sanitization process.

const xss = require('xss');
let options = {
  whiteList: {
    a: ['href', 'title', 'target'],
    p: [],
    div: []
  },
  stripIgnoreTag: true
};
let html = '<a href="http://example.com" onclick="stealCookies()">Link</a>';
let safeHtml = xss(html, options);
console.log(safeHtml); // Output: '<a href="http://example.com">Link</a>'

Escape HTML

This feature provides a method to escape HTML, converting HTML special characters to their corresponding entities, which is useful when you want to display the original HTML code on the web page without rendering it.

const xss = require('xss');
let html = '<div>hello</div>';
let escapedHtml = xss.escapeHtml(html);
console.log(escapedHtml); // Output: '&lt;div&gt;hello&lt;/div&gt;'

Other packages similar to xss

Keywords

FAQs

Package last updated on 03 Mar 2024

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc