ericnorris / Striptags

License: MIT
An implementation of PHP's strip_tags in Typescript.



striptags

An implementation of PHP's strip_tags in Typescript.

Note: this is a total rewrite from v3 and is currently in an alpha state. Feel free to use it during the alpha period and provide feedback before it is released as v4.

Highlights

  • No dependencies
  • Prevents XSS by default

Installing

npm install [email protected]

Basic Usage

striptags(text: string, options?: Partial<StateMachineOptions>): string;

Examples

// commonjs
const striptags = require("striptags").striptags;

// alternatively, as an es6 import
// import { striptags } from "striptags";

var html = `
<a href="https://example.com">lorem ipsum <strong>dolor</strong> <em>sit</em> amet</a>
`.trim();

console.log(striptags(html));
console.log(striptags(html, { allowedTags: new Set(["strong"]) }));
console.log(striptags(html, { tagReplacementText: "🍩" }));

Outputs:

lorem ipsum dolor sit amet
lorem ipsum <strong>dolor</strong> sit amet
🍩lorem ipsum 🍩dolor🍩 🍩sit🍩 amet🍩

Advanced Usage

class StateMachine {
    constructor(partialOptions?: Partial<StateMachineOptions>);
    consume(text: string): string;
}

The StateMachine class does the same work as the striptags function, but persists its parser state across calls to consume(), so you may safely feed it a stream of text even when a chunk boundary falls in the middle of a tag. For example:

// commonjs
const StateMachine = require("striptags").StateMachine;

// alternatively, as an es6 import
// import { StateMachine } from "striptags";

const instance = new StateMachine();

console.log(instance.consume("some text with <a") + instance.consume("tag>and more text"));

Outputs:

some text with and more text
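To make the streaming behaviour concrete, here is a simplified stripper of my own. It is an added example, not the striptags source, and it only mimics the behaviour documented on this page (tags removed, `<` or `>` followed by whitespace encoded, quoted attribute values honoured); comments, CDATA and the allowedTags/disallowedTags options are left out. The point it shows is that a `<` or `>` at the end of a chunk cannot be classified until the next chunk arrives, so a stream-safe implementation must hold it back. `MiniStripper`, `stripChunks` and the `end()` call are names of this example, not of the library.

```typescript
// Added example (not part of striptags): a simplified streaming tag stripper
// that carries its parser state across chunks. It mimics the documented
// behaviour for a subset of HTML: tags are removed, "<" or ">" immediately
// followed by whitespace is HTML-encoded, and quoted attribute values may
// contain ">". In this simplified version any non-whitespace character
// after "<" opens a tag.

type State = "text" | "ltPending" | "gtPending" | "inTag" | "inQuote";

class MiniStripper {
  private state: State = "text";
  private quote = "";
  private readonly encodeDelimiters: boolean;

  constructor(encodeDelimiters: boolean = true) {
    this.encodeDelimiters = encodeDelimiters;
  }

  // Feed one chunk and return the text that can be emitted so far. A trailing
  // "<" or ">" is held back: whether it is a tag or plain text depends on the
  // character that arrives in the *next* chunk.
  consume(chunk: string): string {
    let out = "";
    for (let i = 0; i < chunk.length; i++) {
      out += this.step(chunk.charAt(i));
    }
    return out;
  }

  // Signal end of input: a delimiter still pending is plain text.
  end(): string {
    const tail =
      this.state === "ltPending" ? this.delimiter("<") :
      this.state === "gtPending" ? this.delimiter(">") : "";
    this.state = "text";
    return tail;
  }

  private delimiter(ch: "<" | ">"): string {
    if (!this.encodeDelimiters) return ch;
    return ch === "<" ? "&lt;" : "&gt;";
  }

  private step(ch: string): string {
    switch (this.state) {
      case "text":
        if (ch === "<") { this.state = "ltPending"; return ""; }
        if (ch === ">") { this.state = "gtPending"; return ""; }
        return ch;
      case "ltPending":
        if (/\s/.test(ch)) {            // "<" + whitespace is text, not a tag
          this.state = "text";
          return this.delimiter("<") + ch;
        }
        this.state = "inTag";           // anything else opens a tag
        return "";
      case "gtPending": {
        // ">" is text either way; it is encoded only when whitespace follows.
        const gt = /\s/.test(ch) ? this.delimiter(">") : ">";
        this.state = "text";
        return gt + this.step(ch);      // re-dispatch ch, which may itself be "<"
      }
      case "inTag":
        if (ch === '"' || ch === "'") { this.quote = ch; this.state = "inQuote"; }
        else if (ch === ">") this.state = "text";
        return "";
      case "inQuote":
        if (ch === this.quote) this.state = "inTag";
        return "";
      default:
        return "";
    }
  }
}

// Convenience for an already-chunked stream: feed every chunk, then finish.
function stripChunks(chunks: string[], encodeDelimiters: boolean = true): string {
  const s = new MiniStripper(encodeDelimiters);
  return chunks.map((c) => s.consume(c)).join("") + s.end();
}
```

Splitting `<a` and `tag>` across two chunks still yields `some text with and more text`, and a chunk boundary inside a quoted attribute (`<a title="x` then `>y">z</a>`) still yields `z`, because the `inQuote` state survives the boundary. A bare `<` at the very end of the stream is only resolved by `end()`; a real streaming consumer needs an equivalent end-of-input signal.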

Safety

striptags is safe to use by default: with no options, the output is guaranteed to be free of XSS vectors when it is inserted as text content between tags (not inside an attribute value or a <script> block). Specifying either allowedTags or disallowedTags in the options argument removes this guarantee, because allowed tags are passed through with their attributes. A malicious user may then achieve XSS via an attribute on an allowed tag, for example <img onload="alert(1);">.

In addition, striptags HTML-encodes any < or > character that is immediately followed by whitespace. Most browsers tested treat such a sequence as literal text rather than the start of a tag, but encoding it is safer. You may change this behaviour via the encodePlaintextTagDelimiters option described below.
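Because allowed tags are passed through with their attributes, a practical hardening step when you use allowedTags is a second pass that keeps only known-safe attributes. The following is an added example and not part of striptags: it assumes its input is striptags output produced with an allowlist such as a/strong/em, applies a per-tag attribute policy (ALLOWED_ATTRS is an illustrative assumption), entity-decodes and scheme-checks URL attributes, and escapes any `<` or `>` that is not part of a well-formed tag it recognises. `sanitizeAllowedTags`, `isSafeUrl` and `decodeEntities` are names of this example.

```typescript
// Added example (not part of striptags): a post-filter for output produced
// with `allowedTags`. striptags passes allowed tags through with their
// attributes intact, so an event handler such as <img onload="..."> or a
// javascript: URL survives. This filter keeps only allow-listed attributes
// per tag, checks URL schemes after entity-decoding, and escapes anything
// that is not a well-formed tag it recognises. The policy is an assumption
// for illustration; adapt it to the tags you actually allow.

const ALLOWED_ATTRS: Record<string, Set<string>> = {
  a: new Set(["href", "title"]),
  strong: new Set<string>(),
  em: new Set<string>(),
};
const URL_ATTRS = new Set(["href", "src"]);
const SAFE_SCHEMES = new Set(["http", "https", "mailto"]);

// First alternative: a well-formed opening/closing tag whose quoted attribute
// values may contain ">". Second alternative: a stray "<" or ">" in text.
const TOKEN_RE =
  /<(\/?)([a-zA-Z][a-zA-Z0-9]*)((?:\s+[^\s"'<>\/=]+(?:\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'<>`]+))?)*)\s*\/?>|[<>]/g;
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'<>`]+)))?/g;

// Browsers decode character references in attribute values before
// interpreting a URL, so "&#106;avascript:" is "javascript:". Decode numeric
// references and the common named ones once (never twice) before checking.
function decodeEntities(s: string): string {
  const named: Record<string, string> = {
    amp: "&", lt: "<", gt: ">", quot: '"', apos: "'", colon: ":", tab: "\t", newline: "\n",
  };
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (_, hex) => String.fromCharCode(parseInt(hex, 16)))
    .replace(/&#(\d+);?/g, (_, dec) => String.fromCharCode(parseInt(dec, 10)))
    .replace(/&([a-z]+);/gi, (whole, name) => {
      const key = String(name).toLowerCase();
      return Object.prototype.hasOwnProperty.call(named, key) ? named[key] : whole;
    });
}

function isSafeUrl(value: string): boolean {
  // Strip ASCII control characters and whitespace, which browsers ignore
  // inside the scheme ("java\tscript:" still runs).
  const v = value.replace(/[\u0000-\u0020]/g, "").toLowerCase();
  const scheme = /^([a-z][a-z0-9+.-]*):/.exec(v);
  return scheme === null || SAFE_SCHEMES.has(scheme[1]); // no scheme = relative URL
}

function escapeAttr(value: string): string {
  return value.replace(/&/g, "&amp;").replace(/"/g, "&quot;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

function sanitizeAllowedTags(html: string, policy: Record<string, Set<string>> = ALLOWED_ATTRS): string {
  return html.replace(TOKEN_RE, (whole: string, slash?: string, rawName?: string, attrText?: string) => {
    if (rawName === undefined) return whole === "<" ? "&lt;" : "&gt;"; // stray delimiter
    const name = rawName.toLowerCase();
    // hasOwnProperty guards against names like "constructor" hitting the prototype.
    const allowed = Object.prototype.hasOwnProperty.call(policy, name) ? policy[name] : undefined;
    if (!allowed) return ""; // a tag outside the policy is dropped entirely
    if (slash) return `</${name}>`;
    let kept = "";
    const text = attrText || "";
    ATTR_RE.lastIndex = 0;
    let m: RegExpExecArray | null;
    while ((m = ATTR_RE.exec(text)) !== null) {
      const attr = m[1].toLowerCase();
      const raw = m[2] !== undefined ? m[2] : m[3] !== undefined ? m[3] : (m[4] || "");
      if (!allowed.has(attr)) continue;                 // e.g. onload, onclick, style
      const value = decodeEntities(raw);
      if (URL_ATTRS.has(attr) && !isSafeUrl(value)) continue;
      kept += ` ${attr}="${escapeAttr(value)}"`;
    }
    return `<${name}${kept}>`;
  });
}
```

With this policy `<a href="https://example.com" onclick="alert(1)">x</a>` becomes `<a href="https://example.com">x</a>`, while `href="&#106;avascript:alert(1)"` and `href="  jAvA\tscript:alert(1)"` are both dropped, leaving a bare `<a>`. The filter fails closed: a tag it cannot parse (for instance an unterminated attribute quote) has its `<` and `>` escaped rather than passed through.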

Partial<StateMachineOptions>

allowedTags?: Set<string>

A set of tag names to allow, e.g. new Set(["tagname"]). Tags not in this set are removed. This option takes precedence over the disallowedTags option.

Default: undefined

disallowedTags?: Set<string>

A set of tag names to disallow, e.g. new Set(["tagname"]). Tags not in this set are allowed. Ignored if allowedTags is set.

Default: undefined

tagReplacementText?: string

A string to use as replacement text when a tag is found and not allowed.

Default: ""

encodePlaintextTagDelimiters?: boolean

Setting this option to true causes < and > characters immediately followed by whitespace to be HTML-encoded. It is safe to set this to false only if the output will be used as plaintext, i.e. never rendered alongside other HTML.

Default: true
