jSanity
A secure-by-default, performant, cross-browser client-side HTML sanitization library.
Reference:
OWASP AppSec EU 2013 Talk
Slides
Status
2/18/2016: @kh9n has completed a significant refactoring.
- jQuery and setImmediate dependencies were removed!
- jSanity now supports both sync and async modes.
- Version rev'd to 0.3.
Demo / Benchmark pages
Demo
Benchmark
Todo
- Support for more elements and attributes
- Update / document the demo & benchmark pages
- Unit tests
- Better solution for STYLE elements
- Integration with one or more JavaScript frameworks
- Experimental override for default sanitization in various web platforms
- Leverage newer features of the web platform (Shadow DOM, etc.)
- Remove jQuery usage from benchmark page
- General code cleanup / modernization
Special thanks for making jSanity a reality:
- Ben Livshits
- Gareth Heyes
- Loris D'Antoni
- Mario Heiderich
- Matt Thomlinson
- Michael Fanning