Check HTML for SSRF Threats in Node.JS

These days online threats go way beyond the reaches of basic anti-virus software into a wide array of ever-changing and hard to detect attacks. Server-side request forgeries (SSRF) are one of the many threats that have been creeping across cyberspace and wreaking havoc. These attacks can infiltrate your server via URLs or HTML injection and obtain full or partial control of requests sent by web applications. In this quick tutorial, we will demonstrate how to use an API in Node.JS to provide an extra layer of protection by checking HTML text input for SSRF attacks.

To use the API, we first need to install the SDK:

npm install cloudmersive-validate-api-client --save

Or, you can add this snippet to your package.json:

"dependencies": {
    "cloudmersive-validate-api-client": "^1.3.9"
  }

Now we’re set up to call the validation function:

var CloudmersiveValidateApiClient = require('cloudmersive-validate-api-client');
var defaultClient = CloudmersiveValidateApiClient.ApiClient.instance;
// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';
var apiInstance = new CloudmersiveValidateApiClient.TextInputApi();
var value = "value_example"; // String | User-facing HTML input.
var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    console.log('API called successfully. Returned data: ' + data);
  }
};
apiInstance.textInputCheckHtmlSsrf(value, callback);

This quick and easy process will allow you to automate the detection of potential SSRF attacks with minimal effort. To retrieve your API key, head over to the Cloudmersive website to register for a free account that will provide access to 800 monthly calls across our multitude of APIs.