xssfilter-js
Readme
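Injection attack filter (IE-compatible): filters sensitive keywords in text or DOM elements to prevent XSS, command injection, and SQL injection attacks
Size: 4KB
npm: https://www.npmjs.com/package/xssfilter-js
npm install xssfilter-js
// Create an InjectFilter object; an options configuration object may be passed in
var inf = new InjectFilter(options);
options.tokens = additional custom strings to filter, given as an object of key/value pairs
{'target string to replace': 'string 1'}
The key is the string to be replaced; the value is the string to replace it with.
options.xss = true;
Defaults to true. Must be a boolean; whether to enable XSS injection filtering.
options.command = true;
Defaults to true. Must be a boolean; whether to enable command injection filtering.
options.sql = true;
Defaults to true. Must be a boolean; whether to enable SQL injection filtering.
Note: commands and SQL keywords are filtered into the corresponding 'full-width' text (e.g. select, delete from, ping).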
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Document</title>
<script src="injectFilter.js"></script>
<script src="https://cdn.bootcdn.net/ajax/libs/jquery/3.5.1/jquery.js"></script>
</head>
<body>
<div id='aa' onclick="javascript:alert('hello world')">) or 1=1</div>
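<script>
// Add a custom token so that 'or' is replaced with '|||'
var inf = new InjectFilter({tokens:{'or':'|||'}});
// Filter the #aa element and write the result back into it
$('#aa').html(inf.filter(document.getElementById('aa')))
</script>
</body>
</html>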
ES6:
import injectFilter from './injectFilter';
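The note above says SQL and command keywords are rewritten as full-width text. The sketch below is an added illustration of that idea, not the xssfilter-js source: the keyword lists, `toFullWidth` and `sketchFilter` are assumptions, and custom tokens are treated as plain substrings.

```javascript
// Added illustration; NOT the xssfilter-js implementation.
// Keyword lists are constructed samples, not the package's real lists.
const SQL_KEYWORDS = ['select', 'delete from', 'insert into', 'drop table'];
const COMMAND_KEYWORDS = ['ping', 'wget', 'curl'];

// Map printable ASCII (0x21-0x7E) onto the Fullwidth Forms block
// (U+FF01-U+FF5E); the space becomes the ideographic space U+3000.
function toFullWidth(text) {
  return Array.from(text, (ch) => {
    const cp = ch.codePointAt(0);
    if (cp === 0x20) return '\u3000';
    if (cp >= 0x21 && cp <= 0x7e) return String.fromCodePoint(cp + 0xfee0);
    return ch;
  }).join('');
}

function escapeRegExp(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
}

// Replace each enabled keyword (case-insensitive, whole words) with its
// full-width form, then apply the custom tokens as substring replacements.
function sketchFilter(input, options = {}) {
  const { sql = true, command = true, tokens = {} } = options;
  const keywords = [
    ...(sql ? SQL_KEYWORDS : []),
    ...(command ? COMMAND_KEYWORDS : []),
  ];
  let out = String(input);
  for (const kw of keywords) {
    // Allow any run of whitespace between the words of a multi-word keyword.
    const pattern = '\\b' + escapeRegExp(kw).replace(/ /g, '\\s+') + '\\b';
    out = out.replace(new RegExp(pattern, 'gi'), (m) => toFullWidth(m));
  }
  for (const [from, to] of Object.entries(tokens)) {
    out = out.split(from).join(to);
  }
  return out;
}
```

Full-width forms fold back to ASCII under Unicode NFKC normalization (`sketchFilter('select 1').normalize('NFKC')` returns `select 1`), so confirm that nothing downstream of the filter normalizes its input.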
FAQs
Injection attack filter: filters sensitive keywords in text or DOM elements to prevent XSS, command injection, and SQL injection attacks
The npm package xssfilter-js receives a total of 2 weekly downloads. As such, xssfilter-js popularity was classified as not popular.
We found that xssfilter-js demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.