A secure-by-default, performant, cross-browser client-side HTML sanitization library.
Reference:
- OWASP AppSec EU 2013 Talk
- Slides
jSanity was recently revived after two years of cold storage. Only minimal changes have been made so far since the code was originally developed.

TODO:
- Support for more elements and attributes.
- setImmediate didn't gain traction; switch to an alternative approach.
  - For now jSanity uses a polyfill.
- Update and document the demo and benchmark pages.
- Unit tests.
- Remove the requirement for jQuery (?)
- Better solution for STYLE elements.
- Integration with one or more JavaScript frameworks.
- Experimental override for default sanitization in various web platforms.
- Leverage newer features of the web platform (Shadow DOM, etc.).
- Ben Livshits
- Gareth Heyes
- Loris D'Antoni
- Mario Heiderich
- Matt Thomlinson
- Michael Fanning