github.com/voku/anti-xss issues | Ecosyste.ms: OpenCollective

Update codecov/codecov-action action to v5

renovate[bot] opened this pull request about 1 month ago

Vulnerability found

plakidan opened this issue about 2 months ago

Use version of voku/portable-utf8 which does not throw deprecation wa…

sbennett-ihasco opened this pull request about 2 months ago

Php83

sbennett-ihasco opened this pull request about 2 months ago

Fix voku/portable-utf-8 at version compatible with 8.2 (does not rais…

sbennett-ihasco opened this pull request about 2 months ago

Issue with sanitising XSS on Base64 encoded strings with trailing double equal (==) signs

EricSocs opened this issue 2 months ago

False positive: "system ("

friggingee opened this issue 3 months ago

added method to add naughty JS pattern

intoeetive opened this pull request 3 months ago

Please add big warning that this package should not be included in any non-UTF-8 application or package dependency

cmanley opened this issue 8 months ago

Fix failing test "testSvgXssFileV1"

Chris53897 opened this issue 10 months ago

chore: fix PHPStan error

Chris53897 opened this pull request 10 months ago

chore: Add PHP 8.3 testrun

Chris53897 opened this pull request 10 months ago

chore: allow PHPUnit 11

Chris53897 opened this pull request 10 months ago

JSON Encoded HTML attribute issues

breconwhite opened this issue 10 months ago

Update actions/upload-artifact action to v4

renovate[bot] opened this pull request 10 months ago

Example 6 returns unexpected false in isXssFound()

banakito opened this issue 10 months ago

Fix false positives

josh-gaby opened this pull request 11 months ago

Update dependency phpunit/phpunit to v11

renovate[bot] opened this pull request 11 months ago

Update codecov/codecov-action action to v4 - autoclosed

renovate[bot] opened this pull request 11 months ago

Update actions/cache action to v4

renovate[bot] opened this pull request 11 months ago

Update actions/upload-artifact action to v4 - autoclosed

renovate[bot] opened this pull request about 1 year ago

Why is my output different from your example

ken678 opened this issue about 1 year ago

False positive 'abc < abcd'

timmit-nl opened this issue about 1 year ago

Update actions/checkout digest to 11bd719

renovate[bot] opened this pull request about 1 year ago

Update codecov/codecov-action action to v4 - autoclosed

renovate[bot] opened this pull request over 1 year ago

Update actions/cache action to v3.4.0

renovate[bot] opened this pull request over 1 year ago

Update actions/checkout action to v4

renovate[bot] opened this pull request over 1 year ago

False postive "Behavior:"

attrib opened this issue over 1 year ago

Just question about htmlspecialchars and this

Pok4 opened this issue over 1 year ago

style=foo:expres\sion(1058+{valueOf:alert})} and style=color:expres\sion(1834+{toString:alert} XSS Issue

psinghracknap opened this issue over 1 year ago

Updated version of a using package(voku/portable-utf8)

Ar-Monta opened this pull request over 1 year ago

Update shivammathur/setup-php action to v2.31.1

renovate[bot] opened this pull request over 1 year ago

Apply fixes from StyleCI

voku opened this pull request almost 2 years ago

Update actions/cache action to v3.3.1

renovate[bot] opened this pull request almost 2 years ago

Apply fixes from StyleCI

voku opened this pull request almost 2 years ago

Remove var_dump call

gharlan opened this pull request almost 2 years ago

Apply fixes from StyleCI

voku opened this pull request almost 2 years ago

Update actions/cache action to v3.2.5

renovate[bot] opened this pull request almost 2 years ago

Update dependency phpunit/phpunit to v10 - abandoned

renovate[bot] opened this pull request almost 2 years ago

xss_clean bypass (false negative) on javascript context

thanosgn opened this issue almost 2 years ago

false positive in url geolocation.com

alechner opened this issue about 2 years ago

false positive on name

f17208 opened this issue about 2 years ago

FP: text like " system (e.g. Windows 10, Mac OS X etc.) "

voku opened this issue over 2 years ago

False positive on closed sorce tag.

genetus opened this issue over 2 years ago

Added onDragExit to the unsafe events

peter-mw opened this pull request over 2 years ago

Added more unsafe attributes

peter-mw opened this pull request over 2 years ago

Added more unsafe attributes

peter-mw opened this pull request over 2 years ago

Added onTransitionRun to the unsafe events

peter-mw opened this pull request over 2 years ago

Update codecov/codecov-action action to v3

renovate[bot] opened this pull request over 2 years ago

Update shivammathur/setup-php action to v2.24.0

renovate[bot] opened this pull request almost 3 years ago

Update actions/cache action to v3

renovate[bot] opened this pull request almost 3 years ago

Valid hex characters invalidates urls and remove them from the output

paxter opened this issue almost 3 years ago

JavaScript keywords will be removed in pre/code tag

paxter opened this issue almost 3 years ago

Resolve #99 - Optimize "_sanitize_naughty_javascript"

Fahl-Design opened this pull request almost 3 years ago

Update actions/upload-artifact action to v3

renovate[bot] opened this pull request almost 3 years ago

False positive for "wordContainingFile(" in `_sanitize_naughty_javascript`

Fahl-Design opened this issue almost 3 years ago

Apply fixes from StyleCI

voku opened this pull request almost 3 years ago

Update actions/checkout action to v3

renovate[bot] opened this pull request almost 3 years ago

Update shivammathur/setup-php action to v2.17.1

renovate[bot] opened this pull request almost 3 years ago

False positive for Document.aspx in link

adam-boduch opened this issue almost 3 years ago

Update shivammathur/setup-php action to v2.17.0

renovate[bot] opened this pull request almost 3 years ago

XSS in Angular and AngularJS

Brenneisen opened this issue almost 3 years ago

All Post and GET Celan

sanater opened this issue almost 3 years ago

Update codecov/codecov-action action to v2

renovate[bot] opened this pull request almost 3 years ago

Update shivammathur/setup-php action to v2.16.0

renovate[bot] opened this pull request almost 3 years ago

Dependency Dashboard

renovate[bot] opened this issue almost 3 years ago

Update actions/cache action to v2.1.7

renovate[bot] opened this pull request almost 3 years ago

Pin dependencies - autoclosed

renovate[bot] opened this pull request almost 3 years ago

Configure Renovate

renovate[bot] opened this pull request almost 3 years ago

False positive for `foo="<span class="bar">baz</span>"`

gharlan opened this issue about 3 years ago

#83 - False positive on < 1 year

mathiasselleslach opened this pull request about 3 years ago

False positive on < 1 year

mathiasselleslach opened this issue about 3 years ago

Apply fixes from StyleCI

voku opened this pull request about 3 years ago

Apply fixes from StyleCI

voku opened this pull request about 3 years ago

It gives errors in large strings.

hsdmr opened this issue about 3 years ago

Cannot properly install

FinnAlberts opened this issue over 3 years ago

False positive in string < 35%

timmit-nl opened this issue over 3 years ago

Upgrade to GitHub-native Dependabot

dependabot-preview[bot] opened this pull request over 3 years ago

Can I use it in commercial software?

MichaelXieShao opened this issue over 3 years ago

isXssFound() returns false if xss string was found in array value that is not the last one.

dlt- opened this issue over 3 years ago

Apply fixes from StyleCI

voku opened this pull request over 3 years ago

more specific types for psalm

gharlan opened this pull request almost 4 years ago

The content of the code block submitted by the editor will be added with additional line breaks

isszz opened this issue almost 4 years ago

The style attribute preserves the question.

isszz opened this issue almost 4 years ago

CVE-2019-11358 (Medium) detected in jquery-3.3.1.min.js

mend-bolt-for-github[bot] opened this issue about 4 years ago

CVE-2020-11022 (Medium) detected in jquery-3.3.1.min.js

mend-bolt-for-github[bot] opened this issue about 4 years ago

CVE-2019-8331 (Medium) detected in bootstrap-4.1.3.min.js

mend-bolt-for-github[bot] opened this issue about 4 years ago

CVE-2020-11023 (Medium) detected in jquery-3.3.1.min.js

mend-bolt-for-github[bot] opened this issue about 4 years ago

Configure WhiteSource Bolt for GitHub

mend-bolt-for-github[bot] opened this pull request about 4 years ago

perf: do a initial peak with the 3rd char of each event

staabm opened this pull request about 4 years ago

performance investigation

staabm opened this issue about 4 years ago

How allow some condition html content

Mech-Statham opened this issue about 4 years ago

False positive in string <35%

timmit-nl opened this issue over 4 years ago

Allow base64 in img failds

danielspk opened this issue over 4 years ago

False positive in string

Anyqax opened this issue over 4 years ago

img's src="data:image/png;base64," be deleted

1261466029 opened this issue over 4 years ago

Possibly inconsistent escaping

andrei-dascalu opened this issue over 4 years ago

What is the added value to anti-xss over htmlentities($val, ENT_QUOTES);

killua-eu opened this issue almost 5 years ago

Escaped <script> tags are removed

gharlan opened this issue almost 5 years ago

Wrong result for escaped html inside `<pre>`

gharlan opened this issue almost 5 years ago