microsoft
/
JSanity
зеркало из https://github.com/microsoft/JSanity.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
A secure-by-default, performance, cross-browser client-side HTML sanitization library
68 коммитов 5 Ветки 0 Теги 160 KiB
JavaScript 82.5%
HTML 17.5%
Перейти к файлу
microsoft-github-policy-service[bot] a2c0525224
Microsoft mandatory file 		2022-08-29 14:06:04 +00:00
AUTHORS Update AUTHORS to add Google Inc. 2015-10-29 23:19:21 -07:00
CONTRIBUTORS Update CONTRIBUTORS 2015-10-29 23:22:33 -07:00
LICENSE Populate with preliminary content 2015-10-02 11:29:23 -07:00
README.md Update README.md 2016-04-18 11:24:16 -07:00
SECURITY.md Microsoft mandatory file 2022-08-29 14:06:04 +00:00
git Remove unsafe script 2018-07-13 20:50:19 +08:00
jsanity-0.3.js Add safe SVG presentation attributes to known css properties 2018-07-22 12:23:55 +08:00
jsanity-benchmark-pretty.htm Remove unnecessary X-UA-Compatible META tag 2016-04-18 09:48:12 -07:00
jsanity-demo-pretty.htm Fixed small syntax error 2016-04-18 11:09:02 -07:00

README.md

jSanity

A secure-by-default, performant, cross-browser client-side HTML sanitization library.

Reference:
OWASP AppSec EU 2013 Talk
Slides

Status

2/18/2016: @kh9n has completed a significant refactoring.

  • jQuery and setImmediate dependencies were removed!
  • jSanity now supports both sync and async modes.
  • Version rev'd to 0.3.

Demo / Benchmark pages

Demo
Benchmark

Todo

  • Support for more elements and attributes
  • Update / document the demo & benchmark pages
  • Unit tests
  • Better solution for STYLE elements
  • Integration with one or more javascript frameworks
  • Experimental override for default sanitization in various web platforms
  • Leverage newer features of the web platform (Shadow DOM, etc.)
  • Remove jQuery usage from benchmark page
  • General code clean up / modernization

Special thanks for making jSanity a reality:

  • Ben Livshits
  • Gareth Heyes
  • Loris D'Antoni
  • Mario Heiderich
  • Matt Thomlinson
  • Michael Fanning