XSSB is a proactive DOM sanitizer, defending against client-side injection attacks.
With every unaudited third-party JS library you include into your DOM, the risk of accidental DOM-based cross-site-scripting issues rises linearly. It being for advertisement, web analytics, social widgets, et al., all sorts of third-party code is susceptible to injection attacks.
Examples of this are: * http://www.troyhunt.com/2015/07/how-i-got-xssd-by-my-ad-network.html * https://blogs.dropbox.com/tech/2015/09/csp-the-unexpected-eval/ * http://www.fuzzysecurity.com/tutorials/14.html * http://blog.mindedsecurity.com/2011/04/god-save-omniture-quine.html * https://hackerone.com/reports/125386#activity-888336
XSSB mainly utilizes taint checking to guard against accidental mistakes and poor security practices commonly employed by JS libraries that may lead to DOM-based XSS vulnerabilities.
So, basically, XSSB offers you the freedom to deploy any given third-party code into your DOM while at the same time covering your DOM's back!
Simply place the script element of XSSBuster.js right before any other third-party scripts you include into your webpage(s), typically at the very top of the head tag:
<head>
<title>Example</title>
<script type="text/javascript" src="https://github.com/0xSobky/XSSBuster/raw/v1.1.3/XSSBuster.js"></script>
<script type="text/javascript" src="https://github.com/0xSobky/XSSBuster/raw/v1.1.3/thirdParty-library.js"></script>
</head>
A live demo can be found at: https://xssb.herokuapp.com.
Based on tests, XSSB only takes 10 milliseconds on average to do all required security checks besides the registration of a few necessary event listeners.
XSSB is compatible with the latest versions of all major web browsers (Firefox, Chrome, IE, Edge, Safari, and Opera) as well as most legacy web browsers through fallback functionality.
eval in order to enforce taint checking. A side effect of this is that eval will behave more like jQuery's globalEval than the native implementation of eval in most web browsers.$ claude mcp add XSSBuster \
-- python -m otcore.mcp_server <graph>