
library to clean input to prevent cross site scripting

We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.

Any js libraries or resources out there anywhere?

Jun 19 '07 #1


jamesd wrote:
> We have a javascript that is vulnerable to XSS because the input to
> the script is not being checked for strings such as "javascript",
> "eval", "script" etc. I have seen some snippets of code here and
> there on how to check the strings but I have not yet found a
> comprehensive js library that will clean user input of all offending
> characters. What complicates it is that phishers can encode characters
> to bypass the usual amateurish attempts to clean strings of offending
> characters.
http://weblogs.java.net/blog/gmurray...ting_cros.html

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
Jun 19 '07 #2
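
An added example, not written by either poster and not taken from the linked article: the keyword check described in the question, next to two allowlist-style alternatives (output encoding for HTML contexts and a scheme allowlist for URL values). Function names and the sample input are constructed for illustration.

```javascript
// Constructed sample: one character of a blocked word is written as an
// HTML character reference, the kind of encoding the question mentions.
const ENCODED_SAMPLE = 'java&#115;cript:void(0)';

// The approach from the question: accept input unless it contains a
// known-bad word. Returns true when the input is ACCEPTED.
function naiveBlacklist(input) {
  return !/(javascript|eval|script)/i.test(String(input));
}

// Output encoding for HTML text and quoted-attribute contexts. Every
// character that can change the parsing context is replaced, so the value
// is rendered as text whatever words or encodings it contains.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Allowlist for values destined for href/src attributes: only absolute
// http(s) URLs pass; anything else (other schemes, unparseable or relative
// input) is rejected with null rather than "cleaned".
function safeUrl(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.href : null;
  } catch (e) {
    return null;
  }
}

// The keyword check accepts the encoded sample; the other two do not
// depend on recognising any particular word.
console.log('blacklist accepts encoded sample:', naiveBlacklist(ENCODED_SAMPLE));
console.log('escaped for HTML output:', escapeHtml(ENCODED_SAMPLE));
console.log('URL allowlist result:', safeUrl(ENCODED_SAMPLE));
```

Escaping is applied at output time and must match the context the value is written into; `escapeHtml` here covers HTML text and quoted attributes only, not script or CSS contexts.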
