voku/anti-xss

Issues

• Dependency Dashboard

  #89 opened 3 years ago by renovate
  0

• Vulnerability found

  #155 opened 2 months ago by plakidan
  1

• Issue with sanitising XSS on Base64 encoded strings with trailing double equal (==) signs

  #151 opened 2 months ago by EricSocs
  1

• False positive: "system ("

  #150 opened 3 months ago by friggingee
  1

• Please add big warning that this package should not be included in any non-UTF-8 application or package dependency

  #148 opened 8 months ago by cmanley
  0

• Fix failing test "testSvgXssFileV1"

  #147 opened 10 months ago by Chris53897
  0

• JSON Encoded HTML attribute issues

  #143 opened 10 months ago by breconwhite
  0

• Example 6 returns unexpected false in isXssFound()

  #141 opened a year ago by banakito
  0

• False positive 'abc < abcd'

  #134 opened a year ago by timmit-nl
  3

• Why is my output different from your example

  #135 opened a year ago by ken678
  0

• False postive "Behavior:"

  #129 opened a year ago by attrib
  0

• Just question about htmlspecialchars and this

  #128 opened a year ago by Pok4
  1

• style=foo:expres\sion(1058+{valueOf:alert})} and style=color:expres\sion(1834+{toString:alert} XSS Issue

  #126 opened 2 years ago by psinghracknap
  1

• performance investigation

  #64 opened 2 years ago by staabm
  2

• The style attribute preserves the question.

  #71 opened 2 years ago by isszz
  1

• False positive on closed sorce tag.

  #111 opened 2 years ago by genetus
  2

• false positive on name

  #113 opened 2 years ago by f17208
  1

• xss_clean bypass (false negative) on javascript context

  #115 opened 2 years ago by thanosgn
  1

• JavaScript keywords will be removed in pre/code tag

  #102 opened 3 years ago by paxter
  1

• false positive in url geolocation.com

  #114 opened 2 years ago by alechner
  2

• FP: text like " system (e.g. Windows 10, Mac OS X etc.) "

  #112 opened 2 years ago by voku
  0

• False positive for "wordContainingFile(" in `_sanitize_naughty_javascript`

  #99 opened 3 years ago by Fahl-Design
  4

• Valid hex characters invalidates urls and remove them from the output

  #103 opened 3 years ago by paxter
  0

• False positive for Document.aspx in link

  #95 opened 3 years ago by adam-boduch
  5

• isXssFound() returns false if xss string was found in array value that is not the last one.

  #75 opened 3 years ago by dlt-
  3

• XSS in Angular and AngularJS

  #93 opened 3 years ago by Brenneisen
  1

• The content of the code block submitted by the editor will be added with additional line breaks

  #72 opened 3 years ago by isszz
  7

• All Post and GET Celan

  #92 opened 3 years ago by sanater
  1

• False positive on < 1 year

  #83 opened 3 years ago by mathiasselleslach
  3

• False positive for `foo="<span class="bar">baz</span>"`

  #85 opened 3 years ago by gharlan
  4

• It gives errors in large strings.

  #80 opened 3 years ago by hsdmr
  4

• False positive in string < 35%

  #78 opened 3 years ago by timmit-nl
  1

• Cannot properly install

  #79 opened 4 years ago by FinnAlberts
  2

• Can I use it in commercial software?

  #76 opened 4 years ago by MichaelXieShao
  0

• CVE-2019-8331 (Medium) detected in bootstrap-4.1.3.min.js

  #68 opened 4 years ago by mend-bolt-for-github
  0

• CVE-2020-11022 (Medium) detected in jquery-3.3.1.min.js

  #69 opened 4 years ago by mend-bolt-for-github
  0

• CVE-2019-11358 (Medium) detected in jquery-3.3.1.min.js

  #70 opened 4 years ago by mend-bolt-for-github
  0

• CVE-2020-11023 (Medium) detected in jquery-3.3.1.min.js

  #67 opened 4 years ago by mend-bolt-for-github
  0

• False positive in string <35%

  #62 opened 4 years ago by timmit-nl
  2

• How allow some condition html content

  #63 opened 4 years ago by Mech-Statham
  2

• Allow base64 in img failds

  #61 opened 4 years ago by danielspk
  2

• False positive in string

  #60 opened 4 years ago by Anyqax
  2

• img's src="data:image/png;base64," be deleted

  #59 opened 4 years ago by 1261466029
  3

• Possibly inconsistent escaping

  #58 opened 5 years ago by andrei-dascalu
  2

• What is the added value to anti-xss over htmlentities($val, ENT_QUOTES);

  #57 opened 5 years ago by killua-eu
  2

• Escaped <script> tags are removed

  #56 opened 5 years ago by gharlan
  2

• Wrong result for escaped html inside `<pre>`

  #55 opened 5 years ago by gharlan
  1

• False positive for "on.." prefix in URL

  #54 opened 5 years ago by denisbondar
  1

• False positive for (0) in URL

  #53 opened 5 years ago by denisbondar
  2

• Additional false positives in string

  #52 opened 5 years ago by rafaelmaiolla
  1