bluemonday

We have hosted the application bluemonday in order to run this application in our online workstations with Wine or directly.

Quick description about bluemonday:

bluemonday is an HTML sanitizer implemented in Go. It is fast and highly configurable. bluemonday takes untrusted user-generated content as an input, and will return HTML that has been sanitized against an allowlist of approved HTML elements and attributes so that you can safely include the content in your web page. If you accept user-generated content, and your server uses Go, you need bluemonday. It protects sites from XSS attacks. There are many vectors for an XSS attack and the best way to mitigate the risk is to sanitize user input against a known safe list of HTML elements and attributes. If you use blackfriday or Pandoc then bluemonday should be run after these steps. This ensures that no insecure HTML is introduced later in your process. Allowlist based, you need to either build a policy describing the HTML elements and attributes to permit.

Features:

• We expect to be supplied with well-formatted HTML
• bluemonday is tested on all versions since Go 1.2 including tip
• We support Go 1.1 but Travis no longer tests against it
• We are using bluemonday in production having migrated from the widely used and heavily field tested OWASP Java HTML Sanitizer
• The essence of building a policy is to determine which HTML elements and attributes are considered safe for your scenario
• OWASP provide an XSS prevention cheat sheet to help explain the risks

Programming Language: Go.
Categories: