GitHub - cure53/DOMPurify: DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Linking pages

Mutation XSS via namespace confusion - DOMPurify < 2.0.17 bypass - research.securitum.com https://research.securitum.com/mutation-xss-via-mathml-mutation-dompurify-2-0-17-bypass/ 81 comments
Adding comments to your static blog with Mastodon https://carlschwan.eu/2020/12/29/adding-comments-to-your-static-blog-with-mastodon/ 77 comments
Implementing 'focus and reply' for Fastmail with JMAP https://jvns.ca/blog/2020/08/18/implementing--focus-and-reply--for-fastmail/ 53 comments
Code Vulnerabilities Leak Emails in Proton Mail | Sonar https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/ 48 comments
GitHub - TxtDot/txtdot: An HTTP proxy that parses only text, links and pictures from pages reducing internet bandwidth usage, removing ads and heavy scripts https://github.com/TxtDot/txtdot 32 comments
GitHub - mozilla/readability: A standalone version of the readability lib https://github.com/mozilla/readability 30 comments
Cross Site Scripting Prevention - OWASP Cheat Sheet Series https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet 25 comments
Sanitize Client-Side: Why Server-Side HTML Sanitization is Doomed to Fail | Sonar https://www.sonarsource.com/blog/sanitize-client-side-why-server-side-html-sanitization-is-doomed-to-fail/ 21 comments
Prevent DOM-based cross-site scripting vulnerabilities with Trusted Types https://developers.google.com/web/updates/2019/02/trusted-types 19 comments
Don’t trust the locals: investigating the prevalence of persistent client-side cross-site scripting in the wild | the morning paper https://blog.acolyer.org/2019/04/10/dont-trust-the-locals-investigating-the-prevalence-of-persistent-client-side-cross-site-scripting-in-the-wild/ 13 comments
Web Application Security Checklist – AppSec Monkey https://www.appsecmonkey.com/blog/web-application-security-checklist/ 11 comments
GitHub - whiteout-io/mail: [ABANDONED] Mail App with integrated OpenPGP encryption http://github.com/whiteout-io/mail-html5 11 comments
GitHub - nhn/tui.calendar: 🍞📅A JavaScript calendar that has everything you need. https://github.com/nhnent/tui.calendar 10 comments
GitHub - validatorjs/validator.js: String validation https://github.com/chriso/validator.js 9 comments
GitHub - markedjs/marked: A markdown parser and compiler. Built for speed. https://github.com/chjj/marked 7 comments
Remote Code Execution in Tutanota Desktop due to Code Flaw | Sonar https://www.sonarsource.com/blog/remote-code-execution-in-tutanota-desktop-due-to-code-flaw/ 7 comments
GitHub - sorrycc/awesome-javascript: 🐢 A collection of awesome browser-side JavaScript libraries, resources and shiny things. https://github.com/sorrycc/awesome-javascript 4 comments
Writing a TodoMVC App With Vanilla JS in 2022 | Frontend Masters https://frontendmasters.com/blog/vanilla-javascript-todomvc/ 3 comments
GitHub - ESAPI/owasp-esapi-js: An UNMAINTAINTED project originally exported from code.google.com/p/owasp-esapi-js. This project is deprecated. See the README.md for further details and possible alternatives. https://github.com/ESAPI/owasp-esapi-js 3 comments
GitHub - voussoir/bringrss: BringRSS client https://github.com/voussoir/bringrss 3 comments

Linking pages

Linked pages