30 open-source projects similar to cure53/dompurify, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best DOMPurify alternative.
js-xss is an HTML XSS sanitizer and whitelist-based HTML filter designed to remove malicious code from untrusted HTML. It serves as a tool for cross-site scripting prevention and user-generated content management by cleaning HTML strings to ensure safe browser rendering. The library includes a CSS style validator to scrub inline styles against a whitelist and an HTML content purifier capable of stripping all tags to extract raw text. It allows for custom HTML filtering through the definition of specific rules and handler functions to control permitted elements and attributes. The tool covers
Parsedown is a PHP library that converts Markdown text and common extensions into structured HTML output for web browsers. It functions as a Markdown to HTML converter that processes both block-level and inline elements to generate valid web content. The library includes a PHP HTML sanitizer designed to escape HTML and scripting vectors. This security layer provides input sanitization to prevent attacks when processing untrusted user-generated content.
react-markdown is a React renderer that converts markdown text into a virtual DOM to safely display formatted content. It functions as a markdown syntax parser and renderer that transforms markdown strings into structural elements, ensuring XSS-safe content delivery. The project allows for the mapping of standard markdown elements to custom React components for specialized styling and behavior. It supports syntax extensions through a plugin system, enabling additional formatting features such as tables, footnotes, and tasklists. The system includes security primitives for HTML and URL saniti
This is an HTML sanitization library designed to remove dangerous tags and attributes from user-submitted HTML to prevent cross-site scripting attacks. It functions as a content filter that whitelists specific elements and attributes while escaping or discarding unauthorized markup. The project includes an HTML transformation engine that allows for the modification or replacement of tags and attributes using custom logic. It also features a CSS style validator to clean inline properties against permitted patterns and a system for resource URL validation to restrict hostnames and schemes. The
validator.js is a JavaScript string validation and sanitization library. It provides a set of functions to verify that strings match specific patterns—such as emails, URLs, and alphanumeric formats—and a toolkit for cleaning and transforming text input to remove prohibited characters and trim whitespace. The library includes utilities for standardizing email addresses by lowercasing domains and removing sub-addressing markers. It also functions as an HTML entity escaper, replacing special characters with entities to prevent the browser from executing text as code. The project covers capabili
CrowdSec is a collaborative, distributed security engine designed for threat detection and infrastructure protection. It functions as an intrusion detection system that parses logs and network traffic to identify malicious patterns, utilizing a bucket-based threshold detection model to aggregate events and trigger alerts. The platform is built on a modular architecture that includes a centralized local API server for managing security signals and a relational database for persistent storage of remediation decisions. What distinguishes the project is its decoupled enforcement model, which offl
This project is a high-performance Java library and content moderation framework designed to detect and mask prohibited words in text. It utilizes a Deterministic Finite Automaton (DFA) scanner to implement efficient longest-match word detection. The engine distinguishes itself through a text normalization pipeline and noise-filtering preprocessor that standardize character casing, scripts, and widths while removing interspersed special characters to prevent filter evasion. It supports dynamic dictionary management, allowing blacklists and allow-lists to be updated in the background without r
ClamAV antivirus scanning for Node.js — scan file uploads with a single function call. Zero dependencies. Typed Symbol verdicts. Local or Docker/clamd.
Dalfox is an automated web application security tool specifically designed for discovering and verifying cross-site scripting vulnerabilities. It functions as an XSS vulnerability scanner that analyzes HTTP parameters and DOM structures to identify reflected, stored, and blind injection points. The project distinguishes itself by providing a Model Context Protocol server and a REST API, allowing artificial intelligence agents and remote interfaces to trigger and manage security scans programmatically. It utilizes a payload mutation engine and fingerprinting strategies to execute WAF evasion t
This project is a comprehensive, community-sourced knowledge base designed for security professionals and researchers. It functions as a centralized repository of offensive security techniques, providing a structured collection of exploit payloads, attack vectors, and methodologies for conducting vulnerability assessments and penetration testing. The repository distinguishes itself through a cross-platform payload taxonomy that categorizes exploitation methods by vulnerability type and target environment, enabling rapid lookup during security assessments. It maintains high standards of data i
Mailcheck is an email domain suggestion library and validation utility designed to identify misspelled email addresses. It functions as a string similarity tool that calculates the distance between typed domains and known correct extensions to provide automated correction suggestions. The library allows for the use of custom domain suggestion lists and the implementation of custom similarity and string distance logic. These mechanisms enable the replacement of default matching thresholds and distance algorithms with user-defined functions. The tool covers domain validation and correction thr
This project is a pure JavaScript database driver for Node.js that implements the native MySQL binary protocol. It serves as a comprehensive connector for managing persistent network links to MySQL servers, enabling applications to execute queries, manage transactions, and handle complex data operations without requiring external middleware. The driver distinguishes itself through its integrated support for connection pooling and distributed database routing. It maintains managed sets of reusable network sockets to optimize resource usage under high request volumes, while simultaneously provi
Templ is a type-safe HTML templating engine and UI framework for Go. It provides a system for building reusable HTML components that compile into Go code for server-side rendering, ensuring type safety and compile-time validation of data and logic. The project features a dedicated language server that provides autocomplete and syntax validation for template files within supported code editors. It employs compile-time code generation to transform a custom template language into Go source code, enabling the creation of modular HTML fragments and logic blocks. The framework includes automated s
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Validator.js is a library of pure, stateless functions designed for the validation and sanitization of string data within any JavaScript environment. It provides a modular suite of tools to verify that user-provided information conforms to specific formats, such as emails, URLs, and dates, while simultaneously cleaning untrusted input to mitigate security risks. The library distinguishes itself through a design that avoids platform-specific APIs, ensuring consistent execution across browsers, servers, and edge runtimes. By utilizing a pre-compiled regular expression engine and a pure data tra
ContentTools is a JavaScript framework and suite of tools for building visual WYSIWYG editors. It provides a DOM manipulation library for parsing and transforming HTML strings into structured editable regions, alongside a visual document orchestrator that manages element behaviors and state transitions. The framework includes a specialized browser selection manager to ensure consistent caret positioning and text range highlighting across different web browsers. It also features an HTML content validator used to sanitize output and convert third-party media links into valid embed formats. The
Trix is a rich text editor and WYSIWYG text component designed for composing and formatting documents with inline styling and block elements. It functions as an HTML content editor that manages and sanitizes input to ensure a secure and consistent document structure, while serving as a document state manager that tracks edit history and persists serialized state. The editor integrates directly with standard HTML forms, converting rich text into data for submission. It features a configurable sanitization engine that cleanses input HTML to remove unsupported tags and mitigate security risks.
Jsoup is a Java library designed for parsing, extracting, and manipulating HTML and XML content. It provides a document object model that represents web content as a hierarchical tree, allowing for programmatic navigation and modification of elements, attributes, and text. The library functions as a toolkit for web scraping, enabling the retrieval of remote content via standard web protocols and the management of HTTP sessions for automated form interaction. The library distinguishes itself through its fault-tolerant tokenization, which reconstructs valid document structures from malformed or
markdown-it is a token-based Markdown compiler and CommonMark-compliant parser that converts structured plaintext markup into HTML. It functions as an extensible markup processor designed to transform text into browser-ready content while managing security and preventing cross-site scripting. The project is distinguished by a modular plugin system that allows for the extension of parsing capabilities and the addition of custom syntax, such as footnotes, tables, or emojis. It utilizes a two-stage tokenization process to break documents into structural tokens before rendering them into final HT
This project is a curated collection of technical interview questions and detailed answers designed for professional software engineering roles. It serves as an Angular framework study resource and interview guide for developers preparing for frontend engineering assessments. The resource covers core architectural patterns including component-based view architecture, hierarchical dependency injection, and declarative template binding. It also addresses implementation details regarding observable-driven data streams and the use of directives for DOM manipulation. Additional content focuses on
Security-101 is a vendor-agnostic, foundational cybersecurity learning curriculum organized into framework-aligned modules. It is designed to build core knowledge across multiple security domains without tying content to specific products or platforms, making it suitable for both beginners and professionals seeking a structured introduction to the field. The curriculum is built around established security frameworks, including the MITRE ATT&CK framework for standardized threat analysis and the NIST Cybersecurity Framework for incident response workflows. It covers a broad range of do
This project is a production-ready template for building RESTful APIs using Node.js and the Express web framework. It provides a pre-configured structure for backend services, integrating a MongoDB Mongoose ODM framework for data modeling and a token-based security system for managing user identity. The boilerplate distinguishes itself through automated API documentation generated via Swagger by parsing code comments. It implements a layered controller architecture and a middleware-based request pipeline to separate routing logic from business logic and security processing. The system covers
Joi is a JavaScript data validation library used to define schemas that validate, cast, and sanitize data objects. It functions as an object schema validator and parser, ensuring that input data matches specific types and formats before it is processed by an application. The library features a conditional validation engine capable of dynamic schema enforcement, where validation logic and dependencies change based on the values of other keys within an object. It also serves as a data casting and sanitization tool, transforming input values into target types and removing sensitive keys from the
FluentValidation is a strongly-typed data validation library for .NET. It functions as a rule engine and input validation framework used to define and execute complex business rules and constraints for data objects. The library utilizes a fluent interface API, allowing the construction of readable and declarative validation constraints through method chaining. It leverages generics and lambda expressions to enforce data integrity and business logic at compile time. The project covers the enforcement of business rules, strongly-typed data validation, and input sanitization workflows to verify
FluentValidation is a .NET validation library used to define strongly-typed validation rules for objects. It utilizes a fluent interface API and lambda expressions to ensure data integrity for classes and properties within the .NET type system. The library separates validation logic from business entities to keep domain models focused on core functionality. This approach enables the enforcement of business logic and the sanitization of input data or API payloads through a sequence of logic checks. The system supports complex validation surface areas, including the ability to nest validators
class-validator is a TypeScript class validation library that uses decorators to define constraints and rules for object properties. It functions as a decorator-based schema validator that ensures data integrity and structural correctness through a combination of synchronous checks and promise-based asynchronous rules. The library provides a recursive validation system for checking complex data hierarchies, including nested classes and individual elements within collections. It includes an object property whitelist utility capable of stripping undocumented properties or blocking unknown field
This project is an ESLint plugin and static analysis tool designed to enforce best practices, prevent bugs, and maintain code quality in React projects. It functions as a specialized JSX linter that analyzes the syntax and structure of components to detect anti-patterns and API misuse. The plugin distinguishes itself by providing deep analysis of React-specific patterns, such as detecting state race conditions, preventing nested component definitions, and identifying unstable references that cause unnecessary re-renders. It also includes security hardening rules to identify vulnerabilities li
This library is a PHP framework designed for validating and sanitizing incoming data. It provides a structured approach to ensuring that information conforms to expected formats and integrity requirements before it is processed or stored by an application. The project utilizes a fluent interface to construct validation logic, allowing for the definition of complex rules through chainable methods. It employs a strategy-based execution model where individual validation components are encapsulated and can be dynamically assigned to data fields. When validation fails, the system uses an exception
CL4R1T4S is a framework designed to orchestrate generative AI workflows and optimize language model outputs. It functions as a centralized utility for managing, versioning, and deploying structured system prompts and behavioral parameters to ensure consistent performance across complex tasks. The project distinguishes itself by implementing a structured pipeline that wraps model interactions to enforce behavioral constraints and sanitize inputs. This orchestration layer incorporates heuristic-based validation and stateful context management to maintain coherence and quality throughout multi-s