XSS
Version 3.x β
Moved to different module - utils/escape.
Version 2.x
XSS object is used to escape special symbols in order to prevent XSS attacks.
Basic Usage
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
| /* globals $ */
/* eslint-env node, dirigible */
var xss = require('utils/xss');
var response = require('net/http/response');
var raw = 'a\'b,c|d;e"f';
var escaped = xss.escapeCsv(raw);
response.println("CSV");
response.println(raw);
response.println(escaped);
raw = '<br><lt>';
escaped = xss.escapeHtml(raw);
response.println();
response.println("HTML");
response.println(raw);
response.println(escaped);
raw = '"hi" I\'m John';
escaped = xss.escapeJavaScript(raw);
response.println();
response.println("JavaScript");
response.println(raw);
response.println(escaped);
raw = "John's bag";
escaped = xss.escapeSql(raw);
response.println();
response.println("SQL");
response.println(raw);
response.println(escaped);
raw = "<tag>";
escaped = xss.escapeXml(raw);
response.println();
response.println("XML");
response.println(raw);
response.println(escaped);
response.flush();
response.close();
|
Definition
Functions
| Function |
Description |
Returns |
| escapeCsv(data) |
Escapes the CSV string |
string |
| escapeHtml(data) |
Escapes the CSV string |
string |
| escapeJava(data) |
Escapes the CSV string |
string |
| escapeJavaScript(data) |
Escapes the CSV string |
string |
| escapeSql(data) |
Escapes the CSV string |
string |
| escapeXml(data) |
Escapes the CSV string |
string |
| unescapeCsv(data) |
Unescapes the CSV string |
string |
| unescapeHtml(data) |
Unescapes the CSV string |
string |
| unescapeJava(data) |
Unescapes the CSV string |
string |
| unescapeJavaScript(data) |
Unescapes the CSV string |
string |
| unescapeSql(data) |
Unescapes the CSV string |
string |
| unescapeXml(data) |
Unescapes the CSV string |
string |
Compatibility
| Rhino |
Nashorn |
V8 |
| β
|
β
|
β |
Edit