library to clean input to prevent cross site scripting

Discussion in 'Javascript' started by jamesd, Jun 19, 2007.

  1. jamesd

    jamesd Guest

    We have a javascript that is vulnerable to XSS because the input to
    the script is not being checked for strings such as "javascript",
    "eval", "script" etc. I have seen some snippets of code here and
    there on how to check the strings but I have not yet found a
    comprehensive js library that will clean user input of all offending
    characters. What complicates it is that phishers can encode characters
    to bypass the usual amateurish attempts to clean strings of offending
    characters.

    Any js libraries or resources out there anywhere?
     
    jamesd, Jun 19, 2007
    #1
  2. jamesd

    -Lost Guest

    jamesd wrote:
    > We have a javascript that is vulnerable to XSS because the input to
    > the script is not being checked for strings such as "javascript",
    > "eval", "script" etc. I have seen some snippets of code here and
    > there on how to check the strings but I have not yet found a
    > comprehensive js library that will clean user input of all offending
    > characters. What complicates it is that phishers can encode characters
    > to bypass the usual amateurish attempts to clean strings of offending
    > characters.


    http://weblogs.java.net/blog/gmurray71/archive/2006/09/preventing_cros.html

    --
    -Lost
    Remove the extra words to reply by e-mail. Don't e-mail me. I am
    kidding. No I am not.
     
    -Lost, Jun 20, 2007
    #2
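
Added example, not part of the original thread or of the linked article: a word deny-list of the kind the question describes, run over constructed inputs next to HTML output encoding. The function names (`denyListAllows`, `escapeHtml`, `compare`) and all sample strings are assumptions made for illustration.

```javascript
// Added example: function names and sample inputs are constructed for illustration.

// Deny-list check of the kind the question describes: reject input that
// contains "javascript", "eval" or "script" (case-insensitive).
const DENY_WORDS = ["javascript", "eval", "script"];
function denyListAllows(input) {
  const lower = String(input).toLowerCase();
  return !DENY_WORDS.some((word) => lower.includes(word));
}

// Output encoding for HTML element content and quoted attribute values:
// every character that can change the parsing context becomes an entity,
// so the browser renders the input as text whatever words it contains.
const HTML_ENTITIES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Constructed samples.
const SAMPLES = {
  plainTag: "<script>alert(1)</script>",
  // Character references hide the words the deny-list searches for.
  entityEncoded: '<a href="&#106;avascr&#105;pt:alert(1)">x</a>',
  // Harmless text that happens to contain listed words.
  harmless: "Please evaluate my JavaScript question",
};

// For each sample, record the deny-list verdict and the encoded output.
function compare(samples) {
  const rows = {};
  for (const [name, input] of Object.entries(samples)) {
    rows[name] = { allowedByDenyList: denyListAllows(input), encoded: escapeHtml(input) };
  }
  return rows;
}

console.log(compare(SAMPLES));
```

The deny-list passes the entity-encoded sample and rejects the harmless sentence, while the encoder neutralises all three without rejecting anything. `escapeHtml` covers HTML text and quoted attribute values only; data placed in script, URL or CSS contexts needs encoding specific to that context.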