xss-prevention

aj-geddes/useful-ai-prompts · updated Apr 8, 2026

$ npx skills add https://github.com/aj-geddes/useful-ai-prompts --skill xss-prevention
summary

Implement comprehensive Cross-Site Scripting (XSS) prevention using input sanitization, output encoding, CSP headers, and secure coding practices.

skill.md

XSS Prevention

Overview

Implement comprehensive Cross-Site Scripting (XSS) prevention using input sanitization, output encoding, CSP headers, and secure coding practices.

When to Use

  • User-generated content display
  • Rich text editors
  • Comment systems
  • Search functionality
  • Dynamic HTML generation
  • Template rendering

Quick Start

Minimal working example:

// xss-prevention.js
const createDOMPurify = require("dompurify");
const { JSDOM } = require("jsdom");
const he = require("he");

const window = new JSDOM("").window;
const DOMPurify = createDOMPurify(window);

class XSSPrevention {
  /**
   * HTML Entity Encoding - Safest for text content
   */
  static encodeHTML(str) {
    return he.encode(str, {
      useNamedReferences: true,
      encodeEverything: false,
    });
  }

  /**
   * Sanitize HTML - For rich content
   */
  static sanitizeHTML(dirty) {
    const config = {
      ALLOWED_TAGS: [
// ... (see reference guides for full implementation)

Reference Guides

Detailed implementations in the references/ directory:

  • Node.js XSS Prevention
  • Python XSS Prevention
  • React XSS Prevention
  • Content Security Policy

Best Practices

✅ DO

  • Encode output by default
  • Use templating engines
  • Implement CSP headers
  • Sanitize rich content
  • Validate URLs
  • Use HTTPOnly cookies
  • Test security regularly
  • Use secure frameworks

❌ DON'T

  • Trust user input
  • Use innerHTML directly
  • Skip output encoding
  • Allow inline scripts
  • Use eval()
  • Mix contexts (HTML/JS)


Ratings

4.6 · 58 reviews
  • Jin Flores · Dec 20, 2024

    xss-prevention fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Sakura Nasser · Dec 20, 2024

    xss-prevention is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Shikha Mishra · Dec 12, 2024

    xss-prevention is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Ira Martin · Dec 8, 2024

    Solid pick for teams standardizing on skills: xss-prevention is focused, and the summary matches what you get after install.

  • Omar Thomas · Dec 4, 2024

    I recommend xss-prevention for anyone iterating fast on agent tooling; clear intent and a small, reviewable surface area.

  • Noor Ghosh · Nov 27, 2024

    xss-prevention has been reliable in day-to-day use. Documentation quality is above average for community skills.

  • Omar Li · Nov 23, 2024

    Useful defaults in xss-prevention — fewer surprises than typical one-off scripts, and it plays nicely with `npx skills` flows.

  • Sakura Farah · Nov 11, 2024

    xss-prevention is among the better-maintained entries we tried; worth keeping pinned for repeat workflows.

  • Jin Khan · Nov 11, 2024

    xss-prevention fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.

  • Rahul Santra · Nov 3, 2024

    xss-prevention fits our agent workflows well — practical, well scoped, and easy to wire into existing repos.
