A secure-by-default, performance, cross-browser client-side HTML sanitization library
Перейти к файлу
Michael C. Fanning 8b6d8929bc
Merge pull request #15 from ZhujiahuiFighting/master
Fix: Fail to sanitize if the tag or attribute contains uppercase letters
2023-06-07 06:29:41 -07:00
AUTHORS Update AUTHORS to add Google Inc. 2015-10-29 23:19:21 -07:00
CONTRIBUTORS Update CONTRIBUTORS 2015-10-29 23:22:33 -07:00
LICENSE Populate with preliminary content 2015-10-02 11:29:23 -07:00
README.md Update README.md 2016-04-18 11:24:16 -07:00
SECURITY.md Microsoft mandatory file 2022-09-22 23:00:39 +00:00
git Remove unsafe script 2018-07-13 20:50:19 +08:00
jsanity-0.3.js Merge pull request #15 from ZhujiahuiFighting/master 2023-06-07 06:29:41 -07:00
jsanity-benchmark-pretty.htm Remove unnecessary X-UA-Compatible META tag 2016-04-18 09:48:12 -07:00
jsanity-demo-pretty.htm Fixed small syntax error 2016-04-18 11:09:02 -07:00

README.md

jSanity

A secure-by-default, performant, cross-browser client-side HTML sanitization library.

Reference:
OWASP AppSec EU 2013 Talk
Slides

Status

2/18/2016: @kh9n has completed a significant refactoring.

  • jQuery and setImmediate dependencies were removed!
  • jSanity now supports both sync and async modes.
  • Version rev'd to 0.3.

Demo / Benchmark pages

Demo
Benchmark

Todo

  • Support for more elements and attributes
  • Update / document the demo & benchmark pages
  • Unit tests
  • Better solution for STYLE elements
  • Integration with one or more javascript frameworks
  • Experimental override for default sanitization in various web platforms
  • Leverage newer features of the web platform (Shadow DOM, etc.)
  • Remove jQuery usage from benchmark page
  • General code clean up / modernization

Special thanks for making jSanity a reality:

  • Ben Livshits
  • Gareth Heyes
  • Loris D'Antoni
  • Mario Heiderich
  • Matt Thomlinson
  • Michael Fanning