A secure-by-default, performance, cross-browser client-side HTML sanitization library
Switch branches/tags
Nothing to show
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.

README.md

jSanity

A secure-by-default, performant, cross-browser client-side HTML sanitization library.

Reference:
OWASP AppSec EU 2013 Talk
Slides

Status

2/18/2016: @kh9n has completed a significant refactoring.

  • jQuery and setImmediate dependencies were removed!
  • jSanity now supports both sync and async modes.
  • Version rev'd to 0.3.

Demo / Benchmark pages

Demo
Benchmark

Todo

  • Support for more elements and attributes
  • Update / document the demo & benchmark pages
  • Unit tests
  • Better solution for STYLE elements
  • Integration with one or more javascript frameworks
  • Experimental override for default sanitization in various web platforms
  • Leverage newer features of the web platform (Shadow DOM, etc.)
  • Remove jQuery usage from benchmark page
  • General code clean up / modernization

Special thanks for making jSanity a reality:

  • Ben Livshits
  • Gareth Heyes
  • Loris D'Antoni
  • Mario Heiderich
  • Matt Thomlinson
  • Michael Fanning