How to Check Text Input for Cross-Site Scripting (XSS) Attacks; Prevent through Normalization using C/C++
By running user-facing text input through the complimentary code provided below, you can quickly identify Cross-Site Scripting (XSS) attacks and normalize the input to neutralize the original threat. The code calls a free security API, which returns a normalized result string along with a Boolean indicating whether the original input contained an XSS attack.
You can structure your API call in two quick steps. First, add libcurl to your C++ project:
libcurl/7.75.0
Next, copy the example below to structure your request, and provide a free-tier API key in the Apikey header:
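#include <stdio.h>
#include <curl/curl.h>

int main(void)
{
    CURL *curl = curl_easy_init();
    if (!curl) return 1;
    CURLcode res;
    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
    curl_easy_setopt(curl, CURLOPT_URL, "https://api.cloudmersive.com/security/threat-detection/content/xss/detect/string");
    curl_easy_setopt(curl, CURLOPT_FOLLOWLOCATION, 1L);
    curl_easy_setopt(curl, CURLOPT_DEFAULT_PROTOCOL, "https");
    struct curl_slist *headers = NULL;
    headers = curl_slist_append(headers, "Content-Type: application/json");
    headers = curl_slist_append(headers, "Apikey: YOUR-API-KEY-HERE");
    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
    /* Request body: the text to check, as a JSON string literal */
    const char *data = "\"<string>\"";
    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, data);
    /* libcurl writes the JSON response to stdout by default */
    res = curl_easy_perform(curl);
    if (res != CURLE_OK)
        fprintf(stderr, "request failed: %s\n", curl_easy_strerror(res));
    /* Free the header list and the handle */
    curl_slist_free_all(headers);
    curl_easy_cleanup(curl);
    return res == CURLE_OK ? 0 : 1;
}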
That’s all there is to it — no more code required. You can now seamlessly protect user-facing text input from XSS threats.
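The request body above is a JSON string literal, so real user input has to be JSON-escaped before it replaces `<string>`; markup typically contains double quotes that would otherwise end the literal early and produce a malformed request. The following is an added example, not part of the original article or the API vendor's code: `json_quote` is a hypothetical helper name, and the sample input is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not part of libcurl or any vendor SDK): returns a
 * malloc'd JSON string literal for `in`, or NULL on failure. Caller frees.
 * Bytes >= 0x80 pass through unchanged, so `in` must already be UTF-8. */
char *json_quote(const char *in)
{
    size_t n = strlen(in);
    if (n > (SIZE_MAX - 3) / 6) return NULL;   /* size computation would overflow */
    /* Worst case: every byte becomes \u00XX (6 bytes), plus two quotes and NUL. */
    char *out = malloc(n * 6 + 3);
    if (!out) return NULL;
    char *p = out;
    *p++ = '"';
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)in[i];
        switch (c) {
        case '"':  *p++ = '\\'; *p++ = '"';  break;
        case '\\': *p++ = '\\'; *p++ = '\\'; break;
        case '\n': *p++ = '\\'; *p++ = 'n';  break;
        case '\r': *p++ = '\\'; *p++ = 'r';  break;
        case '\t': *p++ = '\\'; *p++ = 't';  break;
        default:
            if (c < 0x20) p += sprintf(p, "\\u%04x", c);  /* other control bytes */
            else *p++ = (char)c;
        }
    }
    *p++ = '"';
    *p = '\0';
    return out;
}

int main(void)
{
    /* Constructed sample of text a form field might receive. */
    const char *input = "<img src=\"x\" onerror=\"alert(1)\">\n";
    char *body = json_quote(input);
    if (!body) return 1;
    /* `body` is the value to pass to CURLOPT_POSTFIELDS in place of `data`. */
    printf("%s\n", body);
    free(body);
    return 0;
}
```

Keep the returned buffer alive until `curl_easy_perform` returns, because `CURLOPT_POSTFIELDS` does not copy the data.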