xsslint

Find potential XSS vulnerabilities

0.0.1
Source
npm

Version published: 10 years ago

Maintainers: 1

Created: 10 years ago

Source

xsslint

Find potential vulneribilities in your ~~jquery spaghetti~~ beautiful code, e.g.

$('h2').html("Hello <i>" + unsafeVar + "</i>")

installation

npm install xsslint

usage

var glob = require("glob");
var XSSLint = require("xsslint");
var files = glob.sync("path/to/files/**/*.js");
files.forEach(function(file) {
  XSSLint.run(file);
});

This will give you a bunch of warnings like:

foo.js:123: possibly XSS-able `html()` call

Evaluate each one, and either:

Fix it, if it's an actual problem
If it's a false positive, flag it as such, i.e.
- Set your own global XSSLint.configure to match your conventions. For example, if you prefix JQuery object variables with a $, and you have an html-escaping function called htmlEscape, you'd want:
```
 XSSLint.configure({
   "jqueryObject.identifier": /^\$/,
   "safeString.function":     "htmlEscape"
});
```
- Set your own file-specific config overrides via comment, e.g.
```
 // xsslint jqueryObject.property jQ
 // xsslint safeString.property /Html$/
```
See the default configuration to get an idea what kinds of things can be set.

FAQs

What is xsslint?

Is xsslint well maintained?

Package last updated on 18 Dec 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

xsslint

xsslint

installation

usage

Related posts

Malicious npm Package Targets Solana Developers and Hijacks Funds

Typosquatting Cryptographic Libraries: Malicious npm Packages Threaten Crypto Developers with Keylogging and Wallet Theft