Bluemonday

bluemonday: a fast golang HTML sanitizer (inspired by the OWASP Java HTML Sanitizer) to scrub user generated content of XSS

Overview

bluemonday is an HTML sanitizer implemented in Go, designed to protect websites from XSS attacks by sanitizing user-generated content against an allowlist of approved HTML elements and attributes. It is fast, highly configurable, and can be easily integrated into Go server applications.

Features

  • Fast and Highly Configurable: bluemonday allows you to define policies that describe the HTML elements and attributes to permit, providing flexibility in customizing the sanitization process.
  • XSS Attack Protection: Protects websites from XSS attacks by sanitizing user inputs against a known safe list of HTML elements and attributes.
  • Production Ready: Successfully used in production environments, having passed extensive testing including AntiSamy tests and checks for unresolved issues.
  • Multiple Ways to Call Sanitize: Provides different methods to call the Sanitize function based on the performance requirements of the application.
  • Easy Installation: Install with go get github.com/microcosm-cc/bluemonday, then call the sanitizer function.

Summary

bluemonday is a reliable HTML sanitizer for Go applications, offering protection against XSS attacks through allowlist-based sanitization of user-generated content. With its performance benefits, extensive testing, and easy integration, bluemonday is a valuable tool for ensuring web page security when accepting user inputs.