Anybody know a solid library/function in Javascript to clean user input

Do you guys know of a solid library/function in JavaScript to clean user input?

Mainly for preventing XSS attacks and the sort.

It would be a plus if the said library had the option of allowing certain tags etc.

EDIT: I'm using node.js on the backend. That's why I need a javascript library for that sort of thing.

People are recommending a part of Google Caja here: Preventing XSS in Node.js / server side javascript

But I was just hoping to get more options.

arnorhs asked Jan 13 '11 21:01


2 Answers

I use node-validator by chriso.

Example

var check = require('validator').check,
    sanitize = require('validator').sanitize;

// Validate
check('[email protected]').len(6, 64).isEmail();       //Methods are chainable
check('abc').isInt();                               //Throws 'Invalid integer'
check('abc', 'Please enter a number').isInt();      //Throws 'Please enter a number'
check('abcdefghijklmnopzrtsuvqxyz').is(/^[a-z]+$/);

// Sanitize / Filter
var int = sanitize('0123').toInt();                  //123
var bool = sanitize('true').toBoolean();             //true
var str = sanitize(' \t\r hello \n').trim();         //'hello'
var str = sanitize('aaaaaaaaab').ltrim('a');        //'b'
var str = sanitize(large_input_str).xss();           //large_input_str: an untrusted HTML string supplied by the caller
var str = sanitize('&lt;a&gt;').entityDecode();     //'<a>'
Baggz answered Nov 06 '22 17:11
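The question also asks for the option of allowing certain tags. As an added illustration (not part of the answer above and not node-validator's xss()), this is a minimal allowlist sanitizer with no dependencies: listed tags are kept with every attribute stripped, and everything else, including any unlisted tag, is HTML-escaped so a browser renders it as text rather than markup. The tag list and function names are assumptions for this example; a maintained sanitizer library is the better choice for production code.

```javascript
// Added example: allowlist-based HTML sanitizer for untrusted user input.
// Hypothetical helper, not node-validator's xss(); tag set is an assumption.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br']);

// Escape the five characters that let text break out into markup or attributes.
function escapeHtml(s) {
  return s
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Walk the input left to right. Allowed tags are re-emitted as bare open/close
// tags (all attributes dropped, so no onerror=, onclick= or javascript: URLs
// survive). Disallowed tags and all plain text are escaped, never removed, so
// the reader still sees what was submitted and nothing in it executes.
function sanitizeHtml(input, allowed = ALLOWED_TAGS) {
  const tagRe = /<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g;
  let out = '';
  let last = 0;
  let m;
  while ((m = tagRe.exec(input)) !== null) {
    out += escapeHtml(input.slice(last, m.index));
    const name = m[1].toLowerCase();
    const closing = m[0][1] === '/';
    if (allowed.has(name)) {
      out += closing ? `</${name}>` : `<${name}>`;
    } else {
      out += escapeHtml(m[0]);
    }
    last = tagRe.lastIndex;
  }
  out += escapeHtml(input.slice(last));
  return out;
}

// Constructed sample input: a bold tag carrying a handler, a script tag, and an
// image tag whose only payload is in attributes.
const SAMPLE = '<b onclick="x()">hi</b><script>alert(1)</script><img src=x onerror=alert(1)>';
console.log(sanitizeHtml(SAMPLE));
```

An unterminated tag such as `<b` with no closing `>` never matches the tag pattern and is escaped as ordinary text, which is the safe default for malformed input.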


This is the equivalent of the PHP strip_tags function in JavaScript. phpjs.org comes in handy for this kind of situation.

http://phpjs.org/functions/strip_tags:535

amosrivera answered Nov 06 '22 17:11