no-unsanitized
ESLint plugin that disallows unsafe innerHTML, outerHTML, and similar DOM manipulation methods without proper sanitization.
What is no-unsanitized?
eslint-plugin-no-unsanitized is a custom ESLint rule plugin that detects and prevents unsafe DOM manipulation methods like innerHTML, outerHTML, and insertAdjacentHTML without proper sanitization. It helps developers avoid cross-site scripting (XSS) vulnerabilities by enforcing secure coding practices through static analysis. The plugin supports predefined sanitization functions and the HTML Sanitizer API to ensure safe variable interpolation in template strings.
JavaScript developers, especially those working on web applications where DOM manipulation is common, and security teams looking to enforce XSS prevention through automated linting.
Developers choose this plugin because it provides a proactive, automated way to catch XSS vulnerabilities early in the development cycle, integrates seamlessly with ESLint workflows, and is backed by Mozilla's security expertise for reliable enforcement of sanitization best practices.
Overview
Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike
Use Cases
Best For
- Preventing XSS vulnerabilities in JavaScript codebases
Related Projects
Found a gem we're missing?
Open-Awesome is built by the community, for the community. Submit a project, suggest an awesome list, or help improve the catalog on GitHub.
