A secure-by-default, performant, cross-browser client-side HTML sanitization library
JavaScript HTML
Latest commit 97c50a8 by @randomdross: Merge pull request #4 from Microsoft/drx-edits
Basic cleanup and un-mothballing

README.md

jSanity

A secure-by-default, performant, cross-browser client-side HTML sanitization library.

Reference:
OWASP AppSec EU 2013 Talk
Slides

Status

jSanity was recently revived after two years in cold storage. Only minimal changes have been made since the code was originally developed.

Demo / Benchmark pages

Demo
Benchmark

Todo

  • Support for more elements and attributes.
  • setImmediate didn't gain traction. Switch to an alternative approach.
    • For now jSanity uses a polyfill.
  • Update / document the demo & benchmark pages
  • Unit tests
  • Remove requirement for jQuery (?)
  • Better solution for STYLE elements
  • Integration with one or more JavaScript frameworks
  • Experimental override for default sanitization in various web platforms
  • Leverage newer features of the web platform (Shadow DOM, etc.)

Special thanks for making jSanity a reality:

  • Ben Livshits
  • Gareth Heyes
  • Loris D'Antoni
  • Mario Heiderich
  • Matt Thomlinson
  • Michael Fanning