2.0.1 • Published 1 year ago

xss-mini v2.0.1


xss-mini


xss-mini is a lightweight JavaScript library that sanitizes HTML input to prevent XSS (Cross-Site Scripting) attacks. The allowed tags and attributes are configurable.

Installation

npm install xss-mini

Usage

In JavaScript

const xss = require('xss-mini');

const userInput = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>';
const safeHtml = xss(userInput);

console.log(safeHtml); // Outputs: <h1>Title</h1> <b>Hello</b> <a href="http://example.com">link</a>

Custom Configuration

You can customise the allowed tags and attributes:

import xss from 'xss-mini';

const customAllowedTags = ['b', 'i', 'em', 'strong', 'a', 'p', 'h1', 'h2'];
const customAllowedAttributes = {
  'a': ['href', 'title'],
  '*': ['class', 'style']
};

const userInput = '<h1>Title</h1> <b>Hello</b> <script>alert("XSS Attack!");</script> <a href="http://example.com" onclick="maliciousFunction()">link</a>';
const safeHtml = xss(userInput, customAllowedTags, customAllowedAttributes);

console.log(safeHtml); // Outputs: <h1>Title</h1> <b>Hello</b> <a href="http://example.com">link</a>
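
A test-suite check for the allowlist configuration above, as an added example that is not part of xss-mini or its README: it audits sanitizer output and reports any tag or attribute outside the allowlist. The names auditSanitizedHtml, hasSafeScheme and SAFE_SCHEMES are hypothetical, and the href scheme check is an extra assumption about what the site accepts, not documented xss-mini behaviour.

```javascript
// Added example: audits sanitizer OUTPUT against an allowlist in a test suite.
// auditSanitizedHtml, hasSafeScheme and SAFE_SCHEMES are hypothetical names,
// not part of xss-mini. The regex scan is a test aid, not a sanitizer.
const SAFE_SCHEMES = ['http:', 'https:', 'mailto:']; // assumption: schemes the site accepts

function hasSafeScheme(value) {
  // Browsers drop tab/CR/LF and leading control characters before parsing a URL.
  const url = value.replace(/[\t\n\r]/g, '').replace(/^[\u0000-\u0020]+/, '');
  // A character reference ahead of the path could hide the scheme: fail closed.
  if (url.split(/[\/?#]/)[0].includes('&')) return false;
  const scheme = /^[a-z][a-z0-9+.-]*:/i.exec(url);
  return scheme === null || SAFE_SCHEMES.includes(scheme[0].toLowerCase());
}

function auditSanitizedHtml(html, allowedTags, allowedAttributes) {
  const findings = [];
  const tagRe = /<\s*(\/?)\s*([a-zA-Z][a-zA-Z0-9-]*)((?:"[^"]*"|'[^']*'|[^'">])*)>/g;
  const attrRe = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>`]+)))?/g;
  for (const [, closing, rawName, rawAttrs] of html.matchAll(tagRe)) {
    if (closing) continue; // closing tags carry no attributes
    const name = rawName.toLowerCase();
    if (!allowedTags.includes(name)) {
      findings.push({ tag: name, issue: 'tag not in allowlist' });
      continue;
    }
    const permitted = [...(allowedAttributes[name] || []), ...(allowedAttributes['*'] || [])];
    for (const attr of rawAttrs.matchAll(attrRe)) {
      const attrName = attr[1].toLowerCase();
      const value = attr[2] ?? attr[3] ?? attr[4] ?? '';
      if (!permitted.includes(attrName)) {
        findings.push({ tag: name, issue: `attribute not in allowlist: ${attrName}` });
      } else if (attrName === 'href' && !hasSafeScheme(value)) {
        findings.push({ tag: name, issue: `href scheme not accepted: ${value}` });
      }
    }
  }
  return findings;
}

// Constructed samples: the README's configuration and expected output, plus one
// constructed string that passes a tag/attribute allowlist but carries a script URL.
const tags = ['b', 'i', 'em', 'strong', 'a', 'p', 'h1', 'h2'];
const attrs = { a: ['href', 'title'], '*': ['class', 'style'] };
const samples = [
  '<h1>Title</h1> <b>Hello</b> <a href="http://example.com">link</a>',
  '<a href="java\tscript:alert(1)" title="t">link</a>',
];
for (const s of samples) console.log(auditSanitizedHtml(s, tags, attrs));
```

Run it over the string returned by xss(...) in a unit test and fail the test when the findings array is not empty.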

License

MIT License

2.0.1 (1 year ago)
1.0.5 (1 year ago)
1.0.4 (1 year ago)
1.0.3 (1 year ago)
1.0.2 (1 year ago)
1.0.1 (1 year ago)
1.0.0 (1 year ago)