Skip to content

A secure-by-default, performance, cross-browser client-side HTML sanitization library

License

Notifications You must be signed in to change notification settings

microsoft/JSanity

Repository files navigation

jSanity

A secure-by-default, performant, cross-browser client-side HTML sanitization library.

Reference:
OWASP AppSec EU 2013 Talk
Slides

Status

2/18/2016: @kh9n has completed a significant refactoring.

  • jQuery and setImmediate dependencies were removed!
  • jSanity now supports both sync and async modes.
  • Version rev'd to 0.3.

Demo / Benchmark pages

Demo
Benchmark

Todo

  • Support for more elements and attributes
  • Update / document the demo & benchmark pages
  • Unit tests
  • Better solution for STYLE elements
  • Integration with one or more javascript frameworks
  • Experimental override for default sanitization in various web platforms
  • Leverage newer features of the web platform (Shadow DOM, etc.)
  • Remove jQuery usage from benchmark page
  • General code clean up / modernization

Special thanks for making jSanity a reality:

  • Ben Livshits
  • Gareth Heyes
  • Loris D'Antoni
  • Mario Heiderich
  • Matt Thomlinson
  • Michael Fanning

About

A secure-by-default, performance, cross-browser client-side HTML sanitization library

Resources

License

Code of conduct

Security policy

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published