AgentSkillsCN

openwebf-security-xss-sanitization

Review and mitigate XSS risks in WebF apps (sanitize HTML, validate input, avoid unsafe string rendering). Use when the user mentions XSS, sanitizing HTML, innerHTML-like rendering, user-generated HTML, or "untrusted input".

SKILL.md
---
name: openwebf-security-xss-sanitization
description: Review and mitigate XSS risks in WebF apps (sanitize HTML, validate input, avoid unsafe string rendering). Use when the user mentions XSS, sanitize HTML, innerHTML-like rendering, user-generated HTML, or “untrusted input”.
allowed-tools: Read, Grep, Glob, mcp__openwebf__docs_search, mcp__openwebf__docs_get_section, mcp__openwebf__docs_related
---

OpenWebF Security: XSS & Input Sanitization

Instructions

  1. Identify sources of untrusted input (user-generated content (UGC), remote content, query parameters).
  2. Look for unsafe HTML string rendering patterns and missing sanitization.
  3. Recommend explicit sanitization and input validation strategies.
  4. Use MCP docs (“Security > Prevent XSS / Sanitize HTML / Validate Input”) to anchor recommendations.
  5. Provide fixes as minimal, concrete suggestions; do not modify files by default.
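
A small helper for steps 2 and 3 above, added here as an example and not part of the skill or of WebF's own code: it scans app source for the HTML-string sinks the review looks for and shows the escaping a fix would fall back on when text must be spliced into markup. The sink list is an assumption based on the standard DOM API, and the sample source is constructed.

```javascript
// Added example: coarse triage scanner for HTML-string sinks (standard DOM API
// names, assumed to behave the same in WebF) plus an escape helper for fixes.

const UNSAFE_SINKS = [
  { name: 'innerHTML', re: /\.innerHTML\s*\+?=/ },
  { name: 'outerHTML', re: /\.outerHTML\s*\+?=/ },
  { name: 'insertAdjacentHTML', re: /\.insertAdjacentHTML\s*\(/ },
  { name: 'document.write', re: /document\.write(ln)?\s*\(/ },
];

// Returns one finding per source line that writes a string into an HTML sink.
// This is a triage filter: each hit still needs a manual check of where the
// string comes from and whether it was sanitized on the way.
function findUnsafeSinks(source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    for (const sink of UNSAFE_SINKS) {
      if (sink.re.test(text)) {
        findings.push({ line: i + 1, sink: sink.name, text: text.trim() });
      }
    }
  });
  return findings;
}

// Escapes the five characters that can switch HTML context. Use only when
// untrusted text genuinely has to be spliced into markup; assigning via
// textContent avoids HTML parsing altogether and is the preferred fix.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Constructed sample of app source the review would scan (not real WebF code).
const SAMPLE_SOURCE = [
  'const comment = await api.fetchComment(id);',
  'list.innerHTML = comment.body;            // unsafe: raw UGC parsed as markup',
  'title.textContent = comment.author;        // safe: text node, no parsing',
  "box.insertAdjacentHTML('beforeend', html); // unsafe sink, check origin of html",
].join('\n');

const FINDINGS = findUnsafeSinks(SAMPLE_SOURCE);
for (const f of FINDINGS) {
  console.log(`line ${f.line}: ${f.sink} -> ${f.text}`);
}
console.log(escapeHtml(`<b>"hi" & 'bye'</b>`));
```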

More: