Menu
Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that handle removing javascript in hrefs, onclick attributes,etc. from POSTed data?
I don't want to have to write a regex for all that :)
Any suggestions?
658
Server XSS The source of this data could be from the request, or from a stored location. As such, you can have both Reflected Server XSS and Stored Server XSS. In this case, the entire vulnerability is in server-side code, and the browser is simply rendering the response and executing any valid script embedded in it.
Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
Update 2021-04-16: xss is a module used to filter input from users to prevent XSS attacks. Sanitize untrusted HTML (to prevent XSS) with a configuration specified by a Whitelist.
I've created a module that bundles the Caja HTML Sanitizer
npm install sanitizer http://github.com/theSmaw/Caja-HTML-Sanitizer
https://www.npmjs.com/package/sanitizer
Any feedback appreciated.
152
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
