@cobrowser/xss-validation

v2.0.4

Published

A validation package to check if a string contains XSS. It can also sanitize a string.

Downloads

907

Readme

XSS Protector

A lightweight validation and sanitization utility to detect and prevent Cross-Site Scripting (XSS) attacks in strings, arrays, and objects.

Installation

Install via npm:

npm install @cobrowser/xss-validation

Or using yarn:

yarn add @cobrowser/xss-validation

Usage

This package exports a static class, so you can call its methods directly without instantiating it.

Import

// CommonJS
const { XSSProtector } = require('@cobrowser/xss-validation');

// ES Module
import { XSSProtector } from '@cobrowser/xss-validation';

Detect XSS

XSSProtector.containsXSS(input);

Sanitize Input

XSSProtector.sanitize(input);

Both methods support:

  • Strings
  • Arrays of strings
  • Objects with string values

Input Examples

String Input

const userInput = "<img src=javascript:alert('XSS')>";

console.log(XSSProtector.containsXSS(userInput));
// Output: true

console.log(XSSProtector.sanitize(userInput));
// Output: <img>

Array Input

const comments = ["Hello!", "<script>alert('XSS')</script>"];

console.log(XSSProtector.containsXSS(comments));
// Output: true

console.log(XSSProtector.sanitize(comments));
// Output: ["Hello!", ""]

Object Input

const formData = {
  name: "John",
  message: "<svg onload=alert(1)>"
};

console.log(XSSProtector.containsXSS(formData));
// Output: true

console.log(XSSProtector.sanitize(formData));
// Output: { name: "John", message: "<svg></svg>" }

Allowing Certain Words or Phrases

To prevent false positives, you can allow specific words or patterns by editing the internal #isFalsePositive method in the source code.

For example, to allow the word "XSS":

/XSS/i

Once added, this will prevent containsXSS from flagging "XSS" as malicious.

Note: This requires modifying the source code directly.
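
How an allowlist pattern is applied decides what it lets through. The page does not show how #isFalsePositive uses its patterns, so the added example below is not the package's code: it uses a stand-in rule set and hypothetical names (detect, flaggedShortCircuit, flaggedAfterMasking, anyFlagged). It compares an allowlist that skips detection on any match with one that masks only the matched text, and runs both on the README's own string example.

```javascript
// Stand-in detector for illustration only; NOT the package's rule set.
// The keyword rule is an assumption that reproduces the README's false positive.
const RULES = [/<\s*script\b/i, /\bon\w+\s*=/i, /javascript\s*:/i, /\bxss\b/i];
const detect = (text) => RULES.some((re) => re.test(text));

// Allowlist entry taken from the README section above.
const ALLOW = [/XSS/i];

// Variant A: an allowlist hit anywhere in the input skips detection entirely.
function flaggedShortCircuit(text, allow = ALLOW) {
  if (allow.some((re) => re.test(text))) return false;
  return detect(text);
}

// Variant B: mask only the allowlisted text, then run detection on the rest.
function flaggedAfterMasking(text, allow = ALLOW) {
  let rest = text;
  for (const re of allow) {
    const flags = re.flags.includes('g') ? re.flags : re.flags + 'g';
    rest = rest.replace(new RegExp(re.source, flags), ' ');
  }
  return detect(rest);
}

// Apply a per-string check to the three input shapes the README lists.
function anyFlagged(input, check) {
  if (typeof input === 'string') return check(input);
  if (input === null || typeof input !== 'object') return false;
  const values = Array.isArray(input) ? input : Object.values(input);
  return values.some((v) => typeof v === 'string' && check(v));
}

// Constructed inputs: one benign sentence, plus the README's own string example.
const benign = 'How do I test my form for XSS?';
const readmeString = "<img src=javascript:alert('XSS')>";
const form = { name: 'John', message: readmeString };

console.log(detect(benign));                        // true  (the false positive)
console.log(flaggedShortCircuit(benign));           // false
console.log(flaggedAfterMasking(benign));           // false
console.log(flaggedShortCircuit(readmeString));     // false (markup no longer flagged)
console.log(flaggedAfterMasking(readmeString));     // true
console.log(anyFlagged(form, flaggedShortCircuit)); // false
console.log(anyFlagged(form, flaggedAfterMasking)); // true
```

After adding an allowlist pattern, re-run the inputs that were flagged before the change and confirm they are still flagged.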

API Reference

XSSProtector.containsXSS(input)

  • Description: Detects if the input contains XSS.
  • Returns: true if XSS is detected; otherwise false.
  • Supports: string | string[] | Record<string, string>

XSSProtector.sanitize(input)

  • Description: Sanitizes the input, removing potentially dangerous tags and attributes.
  • Returns: A sanitized version of the input in the same structure as provided.
  • Supports: string | string[] | Record<string, string>

Repository & Issue Tracker

  • Repository: https://bitbucket.org/cobrowser/cb_utils
  • Issue Tracker: https://bitbucket.org/cobrowser/cb_utils/issues

License

This project is maintained by CoBrowser (https://cobrowser.com). License information is available in the source repository.