How to Check HTML Text for SSRF Threats in JavaScript

Does your web application access user-controlled URLs to fetch data? If so, it could be susceptible to a Server-Side Request Forgery (SSRF) attack. Since this is a common access approach for web applications, the occurrence of SSRF attacks has increased exponentially over the past few years. One way your server can be exposed to these threats is via HTML injection, which occurs when a user inputs arbitrary HTML code in server-side vulnerabilities. Using the following API in JavaScript will allow you to detect the attacks from HTML text, stopping the issue before it’s executed.

Our first step is to install the jQuery library:

bower install jquery

With the installation out of the way, we can add our HTML text input and call the function with the following code:

var settings = {
     "url": "https://api.cloudmersive.com/validate/text-input/html/check/ssrf",
     "method": "POST",
     "timeout": 0,
     "headers": {
          "Content-Type": "application/json",
          "Apikey": "YOUR-API-KEY-HERE"
     },
     "data": JSON.stringify("<string>"),
};
$.ajax(settings).done(function (response) {
     console.log(response);
});

And that’s it! If you need to obtain an API key, you can do so by registering for a free account on the Cloudmersive website; this will provide access to 800 call/month across all our APIs.