GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → LeSuisse → vue-dompurify-html

LeSuisse / vue-dompurify-html

Licence: MIT license
Safe replacement for the v-html directive

Programming Languages

typescript
32286 projects
javascript
184084 projects - #8 most used programming language
Nix
1067 projects

Labels

securityvuejsvuexssdom-xssdompurify

Projects that are alternatives of or similar to vue-dompurify-html

Dompurify
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
Stars: ✭ 8,177 (+7762.5%)
Mutual labels:  xss, dompurify
ng-dompurify
Inclusive Angular API for DOMPurify
Stars: ✭ 65 (-37.5%)
Mutual labels:  xss, dompurify
Ary
Ary 是一个集成类工具,主要用于调用各种安全工具,从而形成便捷的一键式渗透。
Stars: ✭ 241 (+131.73%)
Mutual labels:  xss
xss-http-injector
XSS HTTP Inject0r is a proof of concept tool that shows how XSS (Cross Site Scripting) flags can be exploited easily. It is written in HTML + Javascript + PHP and released under GPLv3.
Stars: ✭ 22 (-78.85%)
Mutual labels:  xss
laravel-xss-filter
Filter user input for XSS but don't touch other html
Stars: ✭ 38 (-63.46%)
Mutual labels:  xss
Xsshell
An XSS reverse shell framework
Stars: ✭ 251 (+141.35%)
Mutual labels:  xss
flask-vuln
Pretty vulnerable flask app..
Stars: ✭ 23 (-77.88%)
Mutual labels:  xss
Veneno
Stars: ✭ 230 (+121.15%)
Mutual labels:  xss
sanitizer-polyfill
rewrite constructor arguments, call DOMPurify, profit
Stars: ✭ 46 (-55.77%)
Mutual labels:  xss
html-contextual-autoescaper-java
Prevents XSS by figuring out how to escape untrusted values in templates
Stars: ✭ 15 (-85.58%)
Mutual labels:  xss
solutions-bwapp
In progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+51.92%)
Mutual labels:  xss
Wordlist404
Small but effective wordlist for brute-forcing and discovering hidden things.
Stars: ✭ 101 (-2.88%)
Mutual labels:  xss
cve-2016-1764
Extraction of iMessage Data via XSS
Stars: ✭ 52 (-50%)
Mutual labels:  xss
SuperXSS
Make XSS Great Again
Stars: ✭ 57 (-45.19%)
Mutual labels:  xss
Browser Sec Whitepaper
Cure53 Browser Security White Paper
Stars: ✭ 251 (+141.35%)
Mutual labels:  xss
security-cheat-sheet
Minimalist cheat sheet for developpers to write secure code
Stars: ✭ 47 (-54.81%)
Mutual labels:  xss
Payloads
Git All the Payloads! A collection of web attack payloads.
Stars: ✭ 2,862 (+2651.92%)
Mutual labels:  xss
cd
CloudDefense.ai is an automated web application security testing tool that audits your web applications by checking for vulnerabilities like SQL Injection, Cross-site scripting and other exploitable vulnerabilities.
Stars: ✭ 33 (-68.27%)
Mutual labels:  xss
vaf
Vaf is a cross-platform very advanced and fast web fuzzer written in nim
Stars: ✭ 294 (+182.69%)
Mutual labels:  xss
XSS-Payload-without-Anything
XSS Payload without Anything.
Stars: ✭ 74 (-28.85%)
Mutual labels:  xss
View All Similar Projects ➔

vue-dompurify-html

npm Build Status Code Coverage

⚠️ This branch is meant to be used with Vue 3. If you are looking for a version compatible with Vue 2, go to vue-legacy branch.

A "safe" replacement for the v-html directive. The HTML code is sanitized with DOMPurify before being interpreted.

This is only a small wrapper around DOMPurify to ease its usage in a Vue app. You should take a look at the DOMPurify Security Goals & Threat Model to understand what are the limitations and possibilities.

Installation

npm install vue-dompurify-html

Usage

import { createApp } from 'vue';
import App from './App.vue';
import VueDOMPurifyHTML from 'vue-dompurify-html';

const app = createApp(App);
app.use(VueDOMPurifyHTML);
app.mount('#app');

In your SFC:

<template>
    <div v-dompurify-html="rawHtml"></div>
</template>
<script setup>
import { ref } from "vue";

const rawHtml = ref('<span style="color: red">This should be red.</span>');
</script>

You can also define your DOMPurify configurations:

import { createApp } from 'vue';
import App from './App.vue';
import VueDOMPurifyHTML from 'vue-dompurify-html';

const app = createApp(App);
app.use(VueDOMPurifyHTML, {
    namedConfigurations: {
        'svg': {
            USE_PROFILES: { svg: true }
        },
        'mathml': {
            USE_PROFILES: { mathMl: true }
        },
    }
});
app.mount('#app');

Your configuration keys can then be used as an argument of the directive:

<template>
    <div v-dompurify-html="rawHtml"></div>
    <div v-dompurify-html:svg="svgContent"></div>
</template>
<script setup>
import { ref } from "vue";

const rawHtml = ref('<span style="color: red">This should be red.</span>');
const svgContent = ref('<svg><rect height="50"></rect></svg>');
</script>

Alternatively, you can define a default DOMPurify configuration:

import { createApp } from 'vue';
import App from './App.vue';
import VueDOMPurifyHTML from 'vue-dompurify-html';

const app = createApp(App);
app.use(VueDOMPurifyHTML, {
    default: {
        USE_PROFILES: { html: false }
    }
});
app.mount('#app');

The default DOMPurify configuration will be used:

<template>
    <div v-dompurify-html="rawHtml"></div>
</template>
<script setup>
import { ref } from "vue";

const rawHtml = ref('<span style="color: red">This should be red.</span>');
</script>

There is also the possibility to set-up DOMPurify hooks:

import { createApp } from 'vue';
import App from './App.vue';
import VueDOMPurifyHTML from 'vue-dompurify-html';

const app = createApp(App);
app.use(VueDOMPurifyHTML, {
    hooks: {
        uponSanitizeElement: (currentNode) => {
            // Do something with the node
        }
    }
});
app.mount('#app');

If needed you can use the directive without installing it globally:

<template>
    <div v-dompurify-html="rawHtml"></div>
</template>

<script setup lang="ts">
import { buildVueDompurifyHTMLDirective } from '../src/';

const vdompurifyHtml = buildVueDompurifyHTMLDirective(<config...>);
const rawHtml = '<span style="color: red">Hello!</span>';
</script>
Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].