A secure-by-default, performance, cross-browser client-side HTML sanitization library

Перейти к файлу

Michael C. Fanning 8b6d8929bc Merge pull request #15 from ZhujiahuiFighting/master Fix: Fail to sanitize if the tag or attribute contains uppercase letters		2023-06-07 06:29:41 -07:00
AUTHORS	Update AUTHORS to add Google Inc.	2015-10-29 23:19:21 -07:00
CONTRIBUTORS	Update CONTRIBUTORS	2015-10-29 23:22:33 -07:00
LICENSE	Populate with preliminary content	2015-10-02 11:29:23 -07:00
README.md	Update README.md	2016-04-18 11:24:16 -07:00
SECURITY.md	Microsoft mandatory file	2022-09-22 23:00:39 +00:00
git	Remove unsafe script	2018-07-13 20:50:19 +08:00
jsanity-0.3.js	Merge pull request #15 from ZhujiahuiFighting/master	2023-06-07 06:29:41 -07:00
jsanity-benchmark-pretty.htm	Remove unnecessary X-UA-Compatible META tag	2016-04-18 09:48:12 -07:00
jsanity-demo-pretty.htm	Fixed small syntax error	2016-04-18 11:09:02 -07:00

README.md

jSanity

A secure-by-default, performant, cross-browser client-side HTML sanitization library.

Reference:
OWASP AppSec EU 2013 Talk
Slides

Status

2/18/2016: @kh9n has completed a significant refactoring.

jQuery and setImmediate dependencies were removed!
jSanity now supports both sync and async modes.
Version rev'd to 0.3.

Demo / Benchmark pages

Todo

Support for more elements and attributes
Update / document the demo & benchmark pages
Unit tests
Better solution for STYLE elements
Integration with one or more javascript frameworks
Experimental override for default sanitization in various web platforms
Leverage newer features of the web platform (Shadow DOM, etc.)
Remove jQuery usage from benchmark page
General code clean up / modernization

Special thanks for making jSanity a reality:

Ben Livshits
Gareth Heyes
Loris D'Antoni
Mario Heiderich
Matt Thomlinson
Michael Fanning