1 repository
Automatically adding security-focused attributes to HTML elements to mitigate web-based attacks.
Distinct from Attribute Injection Validators: Focuses on the active injection of safety attributes like noopener, rather than just validating existing attributes.
Explore 1 awesome GitHub repository matching software engineering & architecture · Security Attribute Injection. Refine with filters or upvote what's useful.
bluemonday is a Go library for scrubbing user-generated HTML content to prevent cross-site scripting and other injection attacks. It functions as an HTML policy engine and sanitizer that removes dangerous scripts and malicious tags by applying configurable element and attribute allowlists. The project distinguishes itself through a rule-based system that utilizes regular expressions and name-based lists to define permitted tags, attributes, and CSS styles. It includes a URL security validator that enforces safe protocols and automatically injects security attributes such as nofollow and noope
Automatically appends security attributes like nofollow and noopener to outbound hyperlinks.