library to clean input to prevent cross site scripting

 
 
jamesd
      06-19-2007
We have a javascript that is vulnerable to XSS because the input to
the script is not being checked for strings such as "javascript",
"eval", "script" etc. I have seen some snippets of code here and
there on how to check the strings but I have not yet found a
comprehensive js library that will clean user input of all offending
characters. What complicates it is that phishers can encode characters
to bypass the usual amateurish attempts to clean strings of offending
characters.

Any js libraries or resources out there anywhere?

 
-Lost
      06-19-2007
jamesd wrote:
> We have a javascript that is vulnerable to XSS because the input to
> the script is not being checked for strings such as "javascript",
> "eval", "script" etc. I have seen some snippets of code here and
> there on how to check the strings but I have not yet found a
> comprehensive js library that will clean user input of all offending
> characters. What complicates it is that phishers can encode characters
> to bypass the usual amateurish attempts to clean strings of offending
> characters.


http://weblogs.java.net/blog/gmurray...ting_cros.html

--
-Lost
Remove the extra words to reply by e-mail. Don't e-mail me. I am
kidding. No I am not.
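
An added example, not part of the original thread or of any library mentioned in it: rather than scanning input for keywords such as "script" or "javascript", the sketch below encodes untrusted values for the HTML context they are written into and allowlists URL schemes after the platform URL parser has normalized them. The function names, the placeholder base URL and the sample inputs are assumptions constructed for illustration.

```javascript
// Added example: encode on output instead of blacklisting keywords on input.
// All names and sample values here are constructed for illustration.

const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escape a value for HTML text content or a quoted attribute value.
// Markup characters become inert text, so no keyword list is needed.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Schemes the page is willing to link to; everything else is rejected.
const ALLOWED_SCHEMES = new Set(['http:', 'https:', 'mailto:']);
// Placeholder base so relative links resolve; substitute the site's origin.
const BASE = 'https://example.invalid/';

// Return a value safe to place inside href="...", or '#' if the scheme
// is not on the allowlist. The URL parser lowercases the scheme, so the
// check does not depend on how the input was capitalized.
function safeHref(untrusted) {
  let parsed;
  try {
    parsed = new URL(String(untrusted), BASE);
  } catch (e) {
    return '#'; // unparseable input is never emitted
  }
  if (!ALLOWED_SCHEMES.has(parsed.protocol)) {
    return '#';
  }
  return escapeHtml(parsed.href);
}

// Build a link from two untrusted fields, each encoded for its context.
function renderAuthorLink(author, link) {
  return '<a href="' + safeHref(link) + '">' + escapeHtml(author) + '</a>';
}
```

The encoding step belongs at the point where the value is written into the page, so data stored or passed around elsewhere stays unmodified.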
 