xss-mini
xss-mini
is a lightweight Javascript library for sanitizing HTML input to prevent XSS (Cross-Site Scripting) attacks. It allows configurable tags and attributes to be whitelisted.
Installation
npm install xss-mini
Usage
In JavaScript
const xss = require('xss-mini');
const userInput = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>';
const safeHtml = xss(userInput);
console.log(safeHtml);
Custom Configuration
You can customise the allowed tags and attributes:
import xss from 'xss-mini';
const customAllowedTags = ['b', 'i', 'em', 'strong', 'a', 'p', 'h1', 'h2'];
const customAllowedAttributes = {
'a': ['href', 'title'],
'*': ['class', 'style']
};
const userInput = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>';
const safeHtml = xss(userInput, customAllowedTags, customAllowedAttributes);
console.log(safeHtml);
License
MIT License