DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:

bXSS is a utility which can be used by bug hunters and organizations to identify Blind Cross-Site Scripting.

xss-payload-list

JSSCM detects expired domains for Stored XSS exploitation during browsing.

A cross site scripting command and control notification server

🐞 Understand how cross-site scripting occurs, how to detect and exploit XSS vulnerabilities, giving you control of other visitor's browsers.

👻 JavaScript basics for beginners and cybersecurity enthusiatsts. Learn the high-level, multi-paradigm language of the web.

quickly detects OWASP top 10 vulnerabilities in your current tab

AgnosticHTML: A utility function that safely parses HTML strings into DOM nodes, avoiding the use of innerHTML for security reasons.

Given some data, js-char-escape returns a stringified representation of that data to help prevent XSS/ Cross-site_Scripting Attacks in your application). js-char-escape is a fork of jsesc with a few additions such as exclude & excludeAccented.

I improved my previous "JavaScript Share My Place" app so that I can protect it from security holes and concepts. I specifically handled the two most important JavaScript attack patterns or vulnerabilities, which are Security Details in my code exposed accidentally and Cross Site Scripting (XSS) attacks, with Sanitize HTML package for example.

Create canvas fingerprints for your browser ☝.

Tourist Review webiste ,a web application project with the functionality which includes map ,authentication ,login/signup and many more features with security.

Cross Site Scripting (XSS) attack demo

Presentation with reveal.js about xss

Google Chrome extension to detect and prevent Reflected XSS via special crafted URLs

Express with XSS in environment variable

Node.js HTTP CORS middleware.