2 个仓库
Validators that check CSS property values against security patterns rather than just specification compliance.
Distinct from CSS Property Validations: Focuses on security-based cleaning of properties, whereas CSS Property Validations focuses on specification types.
Explore 2 awesome GitHub repositories matching user interface & experience · CSS Security Validators. Refine with filters or upvote what's useful.
这是一个 HTML 清理库,旨在从用户提交的 HTML 中删除危险标签和属性,以防止跨站脚本攻击 (XSS)。它充当内容过滤器,通过白名单机制保留特定元素和属性,同时转义或丢弃未经授权的标记。 该项目包含一个 HTML 转换引擎,允许使用自定义逻辑修改或替换标签和属性。它还具有 CSS 样式验证器,可根据允许的模式清理内联属性,以及用于限制主机名和方案的资源 URL 验证系统。 该库提供了用户输入清理、内联 CSS 验证和动态 HTML 转换功能。这些功能通过支持标签过滤和定义允许元素的解析器来实现。
Cleans inline CSS properties against permitted patterns to ensure safe styling in user content.
bluemonday is a Go library for scrubbing user-generated HTML content to prevent cross-site scripting and other injection attacks. It functions as an HTML policy engine and sanitizer that removes dangerous scripts and malicious tags by applying configurable element and attribute allowlists. The project distinguishes itself through a rule-based system that utilizes regular expressions and name-based lists to define permitted tags, attributes, and CSS styles. It includes a URL security validator that enforces safe protocols and automatically injects security attributes such as nofollow and noope
Provides specialized handlers to validate inline CSS style attributes against security patterns.