XSS
Version 3.x β
Moved to a different module: utils/escape.
Version 2.x
The XSS object escapes special characters in order to prevent XSS (cross-site scripting) attacks.
Basic Usage
/* globals $ */
/* eslint-env node, dirigible */
// Walks through the XSS escapers: each sample is written to the response raw
// and then escaped for one output context (CSV, HTML, JavaScript, SQL, XML),
// so the effect of the escaper is visible side by side.
var xss = require('utils/xss');
var response = require('net/http/response');

// One entry per section: [heading, sample input, name of the xss escaper].
// Each escaper is specific to the output context it is named after; the one
// matching the sink the value is written to is the one to use.
// The escaper is looked up by name so it is still invoked on the xss object.
var sections = [
    ['CSV', 'a\'b,c|d;e"f', 'escapeCsv'],
    ['HTML', '<br><lt>', 'escapeHtml'],
    ['JavaScript', '"hi" I\'m John', 'escapeJavaScript'],
    ['SQL', "John's bag", 'escapeSql'],
    ['XML', '<tag>', 'escapeXml']
];

for (var i = 0; i < sections.length; i++) {
    var heading = sections[i][0];
    var sample = sections[i][1];
    var escaperName = sections[i][2];
    // Escape before writing anything for this section, as the original did.
    var escaped = xss[escaperName](sample);
    if (i > 0) {
        // Blank separator line between sections; the first section has none.
        response.println();
    }
    response.println(heading);
    response.println(sample);
    response.println(escaped);
}

response.flush();
response.close();
Definition
Functions
Function |
Description |
Returns |
escapeCsv(data) |
Escapes the CSV string |
string |
escapeHtml(data) |
Escapes the HTML string |
string |
escapeJava(data) |
Escapes the Java string |
string |
escapeJavaScript(data) |
Escapes the JavaScript string |
string |
escapeSql(data) |
Escapes the SQL string |
string |
escapeXml(data) |
Escapes the XML string |
string |
unescapeCsv(data) |
Unescapes the CSV string |
string |
unescapeHtml(data) |
Unescapes the HTML string |
string |
unescapeJava(data) |
Unescapes the Java string |
string |
unescapeJavaScript(data) |
Unescapes the JavaScript string |
string |
unescapeSql(data) |
Unescapes the SQL string |
string |
unescapeXml(data) |
Unescapes the XML string |
string |
Compatibility
Rhino |
Nashorn |
V8 |
β
|
β
|
β |