XssKillah (Work in Progress)

A Fast Minimal DOM-based HTML Sanitizer

XssKillah is a lightweight and fast HTML sanitizer designed for securing components and content delivery. While it comes with opinionated defaults for high protection, it offers flexibility for various real-world use cases.

Features

2.11KB minified | 957 bytes (brotli)
Minimal allowed markup by default for enhanced security
Fast (Outperforms generic sanitizers like DomPurify and Sanitize-HTML)
Sanitizes against a real DOM (not RegEx)
Cleans dangerous URLs
No need for escaping (Textual content is encapsulated in Text-nodes)
Whitelist opt-in for dangerous tags, attributes, and known vulnerable combinations

Philosophy

XssKillah follows a highly opinionated approach by disallowing as many vulnerable tags and attributes as possible. This minimalistic design keeps XssKillah small, ensuring fast performance. It offers clarity, allowing you to understand the risks as you enable specific features.

Restrictions

In theory, there are no restrictions on what can be rendered. XssKillah is an opt-in sanitizer, meaning that rendered script tags will not execute unless explicitly allowed.

API

The API details are still a work in progress and will be announced soon.

xsskillah

XssKillah (Work in Progress)

A Fast Minimal DOM-based HTML Sanitizer

Features

Philosophy

Restrictions

API

License

/xsskillah/

Package Sidebar

Install

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

xsskillah

XssKillah (Work in Progress)

A Fast Minimal DOM-based HTML Sanitizer

Features

Philosophy

Restrictions

API

License

/xsskillah/

Package Sidebar

Install

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads