Detect XXE Attacks from Multiple Text Inputs in JavaScript

Cloudmersive
2 min read · Apr 30, 2021

While XML External Entity (XXE) attacks may not get the press that viruses, malware, and social engineering threats are getting these days, they are still a very prominent and often missed form of attack. In an XXE attack, the attacker supplies their own values through XML entities and forces the application to process and display them; this can result in denial of service, port scanning, and exposure of confidential files and data. The job of protecting a web application from XXE attacks will often fall to the developer, so instead of spending time developing a workaround, you can automate the detection of XXE attacks across multiple text inputs in a single batch by using the following API in JavaScript.

We will begin the process by installing the jQuery library:

bower install jquery

Next, we will call the function with the following code:

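// Batch XXE check: one entry in RequestItems per text input to scan.
var settings = {
  "url": "https://api.cloudmersive.com/validate/text-input/check/xxe/batch",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Apikey": "YOUR-API-KEY-HERE"
  },
  "data": JSON.stringify({
    "RequestItems": [
      {
        // Replace each placeholder with a real value before sending;
        // "<boolean>" stands for true or false, not a quoted string.
        "InputText": "<string>",
        "AllowInternetUrls": "<boolean>",
        "KnownSafeUrls": [
          "<string>",
          "<string>"
        ],
        "KnownUnsafeUrls": [
          "<string>",
          "<string>"
        ]
      },
      {
        "InputText": "<string>",
        "AllowInternetUrls": "<boolean>",
        "KnownSafeUrls": [
          "<string>",
          "<string>"
        ],
        "KnownUnsafeUrls": [
          "<string>",
          "<string>"
        ]
      }
    ]
  }),
};

$.ajax(settings)
  .done(function (response) {
    console.log(response);
  })
  .fail(function (jqXHR, textStatus) {
    // A failed call means the inputs were not checked; do not treat them as safe.
    console.error("XXE batch check failed: " + textStatus);
  });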

Your result for the inputs will be delivered promptly, and without any additional steps needed from you. If you need to retrieve an API key, you can do so by registering for a free account on the Cloudmersive website; this will provide access to 800 monthly calls across our multitude of APIs.
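
The batch call above with the placeholders filled from an array of inputs and the response handled per item, as an added example that is not Cloudmersive's or the article's own code. It uses `fetch` instead of jQuery; the helper names and the response shape (`ResultItems` entries with `SuccessfulResult` and `ContainedXxe`, in request order) are assumptions, and any input without a successful result is treated as unverified rather than safe.

```javascript
// Added example; the response field names used below are assumptions, not from the article.
const ENDPOINT = "https://api.cloudmersive.com/validate/text-input/check/xxe/batch";

// Build the article's request body from a plain array of strings.
// Flags are real JSON booleans and arrays, not "<boolean>"/"<string>" placeholders.
function buildBatchRequest(inputs, opts = {}) {
  return {
    RequestItems: inputs.map((text) => ({
      InputText: String(text),
      AllowInternetUrls: opts.allowInternetUrls === true, // defaults to false
      KnownSafeUrls: opts.knownSafeUrls || [],
      KnownUnsafeUrls: opts.knownUnsafeUrls || [],
    })),
  };
}

// Pair each input with a verdict. Assumed response shape:
// { ResultItems: [{ SuccessfulResult: bool, ContainedXxe: bool }, ...] } in request order.
// A missing or unsuccessful item is "unverified" and should not reach an XML parser.
function triage(inputs, response) {
  const items = response && Array.isArray(response.ResultItems) ? response.ResultItems : [];
  return inputs.map((text, i) => {
    const r = items[i];
    if (!r || r.SuccessfulResult !== true) return { index: i, verdict: "unverified" };
    return { index: i, verdict: r.ContainedXxe === true ? "xxe" : "clean" };
  });
}

// Send the batch; a transport or HTTP error marks every input "unverified".
async function checkInputs(inputs, apiKey, opts) {
  try {
    const res = await fetch(ENDPOINT, {
      method: "POST",
      headers: { "Content-Type": "application/json", Apikey: apiKey },
      body: JSON.stringify(buildBatchRequest(inputs, opts)),
    });
    return triage(inputs, res.ok ? await res.json() : null);
  } catch {
    return triage(inputs, null);
  }
}

// Constructed demo: the response carries two results for three inputs.
const demoVerdicts = triage(["<a>1</a>", "<b>2</b>", "<c>3</c>"],
  { ResultItems: [{ SuccessfulResult: true, ContainedXxe: false }, { SuccessfulResult: false }] });
console.log(demoVerdicts.map((d) => d.verdict));
```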
