Do you guys know of a solid library/function in JavaScript to clean user input?
Mainly for preventing XSS attacks and the sort.
It would be a plus if the said library had the option of allowing certain tags etc.
EDIT: I'm using Node.js on the backend. That's why I need a JavaScript library for that sort of thing.
People are recommending a part of Google Caja here: "Preventing XSS in Node.js / server side javascript"
But I was just hoping to get more options.
Modularize Your Functions: An easy way to declutter your code is creating a function for every single task. If a function does more than its name implies, you should consider splitting the functionality and creating another function. Maintaining smaller functional chunks makes your code look neat.
It is used for server-side programming, and primarily deployed for non-blocking, event-driven servers, such as traditional web sites and back-end API services, but was originally designed with real-time, push-based architectures in mind.
This is not the case; Node.js can be used on the frontend as well as the backend. The event-driven, non-blocking nature of Node.js frameworks is one of the reasons it is a popular choice for developers designing a flexible and scalable backend.
Express is a Node.js web application framework that provides broad features for building web and mobile applications. It is used to build single-page, multipage, and hybrid web applications. It's a layer built on top of Node.js that helps manage servers and routes.
I use node-validator by chriso.
Example
var check = require('validator').check,
    sanitize = require('validator').sanitize;
// Validate
check('test@email.com').len(6, 64).isEmail(); //Methods are chainable
check('abc').isInt(); //Throws 'Invalid integer'
check('abc', 'Please enter a number').isInt(); //Throws 'Please enter a number'
check('abcdefghijklmnopzrtsuvqxyz').is(/^[a-z]+$/);
// Sanitize / Filter
var int = sanitize('0123').toInt(); //123
var bool = sanitize('true').toBoolean(); //true
var str = sanitize(' \s\t\r hello \n').trim(); //'hello'
var str = sanitize('aaaaaaaaab').ltrim('a'); //'b'
var str = sanitize(large_input_str).xss();
var str = sanitize('&lt;a&gt;').entityDecode(); //'<a>'
This is the equivalent of the PHP strip_tags function in JavaScript. phpjs.org comes in handy for these kinds of situations.
http://phpjs.org/functions/strip_tags:535
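A caveat on combining tag stripping with the "allow certain tags" requirement from the question, shown as an added example that is not code from phpjs, node-validator, or either answer: PHP's documentation for strip_tags notes that attributes on allowed tags are left untouched, so an allowed `<i>` can still carry an event handler. The function names and the sample input below are hypothetical, and `stripTagsKeepAttrs` is a simplified stand-in for that behaviour, set beside an escape-first filter that re-enables only bare allowed tags.

```javascript
// Added example; all names here are hypothetical, not a library API.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode text for an HTML element or quoted-attribute context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}

// strip_tags-style filter (simplified stand-in): tags outside `allowed` are
// removed, allowed tags are kept verbatim, attributes included.
function stripTagsKeepAttrs(input, allowed) {
  const tag = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  return String(input).replace(tag, (whole, name) =>
    allowed.includes(name.toLowerCase()) ? whole : '');
}

// Escape-first filter: encode everything, then turn back only exact,
// attribute-free <name> / </name> tokens whose name is on the allow-list.
// Anything else (attributes, unknown tags, unterminated tags) stays text.
function escapeThenAllow(input, allowed) {
  const bare = /&lt;(\/?)([a-zA-Z][a-zA-Z0-9]*)&gt;/g;
  return escapeHtml(input).replace(bare, (whole, slash, name) => {
    const n = name.toLowerCase();
    return allowed.includes(n) ? `<${slash}${n}>` : whole;
  });
}

// Constructed sample input: one plain allowed tag, one allowed tag carrying
// an event-handler attribute, and one tag that is not on the allow-list.
const SAMPLE = '<b>bold</b> <i onmouseover="alert(1)">x</i> <script>alert(2)</script>';
const ALLOWED = ['b', 'i'];

function demo() {
  return {
    keepAttrs: stripTagsKeepAttrs(SAMPLE, ALLOWED),
    escapeFirst: escapeThenAllow(SAMPLE, ALLOWED),
  };
}

console.log(demo());
```

The escape-first output can contain an unpaired closing tag (here `</i>`), which is harmless for XSS but means the result is not guaranteed to be balanced markup.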