A zero-dependency utility that detects unsafe HTML in Svelte components across versions 3, 4, and 5.

A web browser with dynamic data-flow tracking enabled in the Javascript engine and DOM, based on Mozilla Firefox (https://github.com/mozilla-firefox/firefox). It can be used to identify insecure data flows or data privacy leaks in client-side web applications.

DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

Use DOMPurify on server and client in the same way

A comprehensive, enterprise-grade secure file upload web application built following OWASP best practices for secure coding, file management, and application security verification standards. Features a modern web interface with user authentication, admin panel, and robust security controls.

The popular NoScript Security Suite browser extension.

A browser API to prevent DOM-Based Cross Site Scripting in modern web applications.

Proyecto educativo para entender y demostrar vulnerabilidades XSS (Cross-Site Scripting) con ejemplos prácticos de código vulnerable y seguro.

pdf-xss-checker is a Node.js tool designed to scan PDF files for potential Cross-Site Scripting (XSS) vulnerabilities. It analyzes embedded scripts, forms and suspicious content to help identify security risks in PDFs before they're distributed or displayed in browsers.

FrogPost: postMessage Security Testing Tool

This repository is a collection of JavaScript gadgets that can be used to bypass XSS mitigations such as Content Security Policy (CSP) and HTML sanitizers like DOMPurify.

Beyond XSS: Explore the Web Front-end Security Universe. A series about front-end security

收集本人自接触渗透测试用于漏洞验证的所有热门CVE、POC、CNVD攻击有效载荷+测试工具+FUZZ,一个仓库满足许多攻击测试场景,开箱即用.

XSS Data Collection Tool – A security testing tool designed to capture website input data and store it remotely.

A powerful Google dork generator with 780+ templates for security researchers to find vulnerabilities like SQL injection, XSS, exposed admin panels, and sensitive files during authorized penetration testing.

An awesome tour booking web app written in NodeJS, Express, MongoDB

A lab with node js and react to training modifying html xss attack with educational guide lines

🕷️ XSS Listener is a penetration tool for easy to steal data with various XSS.

Tiny fully featured AI ready zero dependency javascript framework

Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.