library to clean input to prevent cross site scripting

jamesd · Jun 19, 2007

We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.

Any js libraries or resources out there anywhere?

-Lost · Jun 20, 2007

jamesd said:
We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.

http://weblogs.java.net/blog/gmurray71/archive/2006/09/preventing_cros.html

Cross Site Scripting	2	Sep 29, 2004
Filter user entered Html for possible Cross Site Scripting attacks	0	Aug 14, 2006
Starting to Build a JavaScript Library	33	Feb 16, 2008
Allow HTML input in form field WITH Cross-Site scripting security	0	Feb 18, 2004
jQuery Overloading Strategy -- What Not To Do	25	Sep 10, 2011
Sencha Touch--Support 2 browsers in just 228K!	64	Jul 16, 2010
XPath to get all elements with an attribute starting with "on"	2	Jan 6, 2008
FAQ update (roundup of pending requests - for comment)	6	Jan 7, 2004

library to clean input to prevent cross site scripting

jamesd

-Lost

Ask a Question

Similar Threads

Members online

Forum statistics

Latest Threads