{"id":13612802,"url":"https://github.com/theodo/RisXSS","last_synced_at":"2025-04-13T12:32:36.756Z","repository":{"id":37735323,"uuid":"176980402","full_name":"theodo/RisXSS","owner":"theodo","description":"RisXSS","archived":false,"fork":false,"pushed_at":"2023-03-05T20:43:42.000Z","size":2016,"stargazers_count":126,"open_issues_count":8,"forks_count":3,"subscribers_count":18,"default_branch":"master","last_synced_at":"2024-04-24T14:58:53.796Z","etag":null,"topics":["dompurify","eslint","react","security","vue"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/theodo.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2019-03-21T16:05:49.000Z","updated_at":"2023-11-16T12:20:38.000Z","dependencies_parsed_at":"2024-01-14T04:42:58.527Z","dependency_job_id":"0b696007-9abf-4728-b5eb-6940a9a89fba","html_url":"https://github.com/theodo/RisXSS","commit_stats":{"total_commits":105,"total_committers":6,"mean_commits":17.5,"dds":0.6952380952380952,"last_synced_commit":"142a897b92995b7ba354f1863a6bd507e364341f"},"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2FRisXSS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2FRisXSS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2FRisXSS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/theodo%2FRisXSS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/theodo","download_url":"https://codeload.github.com/theodo/RisXSS/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248714718,"owners_count":21149952,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["dompurify","eslint","react","security","vue"],"created_at":"2024-08-01T20:00:34.681Z","updated_at":"2025-04-13T12:32:35.815Z","avatar_url":"https://github.com/theodo.png","language":"JavaScript","funding_links":[],"categories":["Awesome XSS prevention tools"],"sub_categories":[],"readme":"# 🛡RisXSS\n\n![Quality tests](https://github.com/theodo/RisXSS/workflows/Quality%20tests/badge.svg)\n\nEradicate all XSS flaws of your React or Vue application using a single ESLint rule.\n\n![Example](assets/risxss-demo.gif)\n\n## How to install RisXSS ?\n\n- First, use your favorite package manager to add eslint-plugin-risxss in your devDependencies, for example with yarn :\n\n```\nyarn add eslint-plugin-risxss --dev\n```\n\n- Then, you just have to add the tailored rule for your projet (React or Vue) :\n\n  - risxss/catch-potential-xss-react for React project\n  - risxss/catch-potential-xss-vue for Vue project\n\nTo do so, add these lines in your eslint config, for instance if you use `.eslintrc.js` config file :\n\nIf your project uses React/Javascript :\n\n```javascript\nmodule.exports = {\n    env: {\n        browser: true,\n        es6: true\n    },\n    extends: 'eslint:recommended',\n    parserOptions: {\n        ecmaFeatures: {\n            jsx: true\n        },\n        ecmaVersion: 2018,\n        sourceType: 'module'\n    },\n    plugins: ['react', 'risxss'],      //  \u003c\u003c\u003c add risxss in plugins\n    rules: {\n        'risxss/catch-potential-xss-react': 'error'  //  \u003c\u003c\u003c add this in rules\n    }\n};\n```\n\nIf your project uses React/TypeScript :\n\n```javascript\nmodule.exports = {\n    env: {\n        browser: true,\n        es6: true\n    },\n    parser: '@typescript-eslint/parser',\n    extends: 'eslint:recommended',\n    parserOptions: {\n        project: './tsconfig.json',\n        ecmaFeatures: {\n            jsx: true\n        },\n        ecmaVersion: 2018,\n        sourceType: 'module'\n    },\n    plugins: ['risxss'],   //  \u003c\u003c\u003c add risxss in plugins\n    rules: {\n        'risxss/catch-potential-xss-react': 'error'   //  \u003c\u003c\u003c add this in rules\n    }\n};\n```\n\nIf your project uses Vue.js\n\n```javascript\nmodule.exports = {\n    env: {\n        browser: true\n    },\n    extends: ['plugin:vue/essential'],\n    parserOptions: {\n        parser: 'babel-eslint'\n    },\n    plugins: ['vue', 'risxss'],   //  \u003c\u003c\u003c add risxss in plugins\n    rules: {\n        'risxss/catch-potential-xss-vue': 'error'   //  \u003c\u003c\u003c add this in rules\n    }\n};\n```\n\n## Rules\n\n- [catch-potential-xss-react](docs/rules/catch-potential-xss-react.md) - Enforce the use of dompurify when using dangerouslySetInnerHtml\n- [catch-potential-xss-vue](docs/rules/catch-potential-xss-vue.md) - Enforce the use of dompurify when using v-html\n\n## Configuring the rules\n\nSometimes you have your own rules to prevent XSS and you don't use DOMPurify.sanitize on your inputs. You can add your own function name to the RisXSS whitelist by passing them as options.\n\n:warning: We still recommend using DOMPurify to sanitize your inputs :warning:\n\n```javascript\nmodule.exports = {\n    env: {\n        browser: true\n    },\n    extends: ['plugin:vue/essential'],\n    parserOptions: {\n        parser: 'babel-eslint'\n    },\n    plugins: ['vue', 'risxss'],   //  \u003c\u003c\u003c add risxss in plugins\n    rules: {\n        'risxss/catch-potential-xss-vue': ['error', {\n            trustedLibraries: ['xss'] //  \u003c\u003c\u003c define your anti XSS function here.\n        }]\n    }\n};\n```\n\n```js\n// in your file\nimport { sanitize } from 'xss';\n\nexport const DesktopPostCard = ({ post }) =\u003e (\n  \u003cdiv dangerouslySetInnerHTML={{ __html: sanitize(post.content) }} /\u003e\n);\n```\n\n## License\n\nMIT\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheodo%2FRisXSS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ftheodo%2FRisXSS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ftheodo%2FRisXSS/lists"}