Mirror of https://github.com/microsoft/JSanity.git
8b6d8929bc
Fix: Fail to sanitize if the tag or attribute contains uppercase letters
- AUTHORS
- CONTRIBUTORS
- LICENSE
- README.md
- SECURITY.md
- git
- jsanity-0.3.js
- jsanity-benchmark-pretty.htm
- jsanity-demo-pretty.htm
README.md
jSanity
A secure-by-default, performant, cross-browser client-side HTML sanitization library.
Reference:
OWASP AppSec EU 2013 Talk
Slides
Status
2/18/2016: @kh9n has completed a significant refactoring.
- jQuery and setImmediate dependencies were removed!
- jSanity now supports both sync and async modes.
- Version rev'd to 0.3.
Demo / Benchmark pages
Todo
- Support for more elements and attributes
- Update / document the demo & benchmark pages
- Unit tests
- Better solution for STYLE elements
- Integration with one or more JavaScript frameworks
- Experimental override for default sanitization in various web platforms
- Leverage newer features of the web platform (Shadow DOM, etc.)
- Remove jQuery usage from benchmark page
- General code cleanup / modernization
Special thanks for making jSanity a reality:
- Ben Livshits
- Gareth Heyes
- Loris D'Antoni
- Mario Heiderich
- Matt Thomlinson
- Michael Fanning