How to Block HTML File Threats using JavaScript
Script tags within HTML files can house malicious code in myriad forms. Depending on what those HTML files are being used for, categorically blocking files with HTML script tags in the top-level file can be the safest option for your application’s security.
The below free-to-use Virus Scanning API solution allows you to set custom threat rules against hidden content threats like HTML script input, blocking would-be cyber-attacks while simultaneously permitting other content per your specification. This API scans each file upload for millions of virus and malware signatures by default, so you’ll also get excellent 360-degree protection against a continuously updated list of compromising threats.
You can easily structure your API call in one quick step using the ready-to-run JavaScript code examples below:
var data = new FormData();
data.append("inputFile", fileInput.files[0], "file");
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api.cloudmersive.com/virus/scan/file/advanced");
xhr.setRequestHeader("allowExecutables", "<boolean>");
xhr.setRequestHeader("allowInvalidFiles", "<boolean>");
xhr.setRequestHeader("allowScripts", "<boolean>");
xhr.setRequestHeader("allowPasswordProtectedFiles", "<boolean>");
xhr.setRequestHeader("allowMacros", "<boolean>");
xhr.setRequestHeader("allowXmlExternalEntities", "<boolean>");
xhr.setRequestHeader("allowInsecureDeserialization", "<boolean>");
xhr.setRequestHeader("allowHtml", "<boolean>");
xhr.setRequestHeader("restrictFileTypes", "<string>");
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");
xhr.send(data);
To authenticate your request, copy your Cloudmersive API key (you can get one for free with a limit of 800 API calls per month) into the “Apikey” parameter. That’s all there is to it!