How to Detect XXE Attacks from Text Input in JavaScript

Cloudmersive
2 min read · Apr 30, 2021

Worried about XXE attacks on your web application? If so, you’re not alone; even high-profile companies have reported finding and being exposed to this type of attack over the last few years. XML External Entity (XXE) attacks do not discriminate in who they target; if your applications use a parser to interpret XML data, they are potentially exposed. Endpoints that accept XML as input are particularly susceptible. In this brief tutorial, we will provide a simple API solution that you can use in JavaScript to detect XXE attacks from text input.

Let’s begin the process by installing the jQuery library:

bower install jquery

Next, we will add our user-facing text input and API key into the following code to call the function:

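// Request settings for the Cloudmersive XXE text-input check.
// Values in angle brackets are placeholders and must be replaced before use.
var settings = {
  "url": "https://api.cloudmersive.com/validate/text-input/check/xxe",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "allowInternetUrls": "<boolean>",
    "knownSafeUrls": "<string>",
    "knownUnsafeUrls": "<string>",
    "Content-Type": "application/json",
    // A key placed in browser-side code is visible to every user of the page.
    "Apikey": "YOUR-API-KEY-HERE"
  },
  // The text input to check, sent as a JSON-encoded string.
  "data": JSON.stringify("<string>"),
};

// Send the request and log the API's result.
$.ajax(settings).done(function (response) {
  console.log(response);
});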

This will provide an immediate result indicating whether the text input contains an XXE attack. If you need to retrieve your API key, simply head to the Cloudmersive website to register for a free account; this will give you access to 800 calls/month across our library of APIs.
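
As a complement to the API call above, the following added example (not Cloudmersive's code and not the API's detection logic) is a local heuristic pre-check in JavaScript that flags external DTD and entity declarations in text input. The function name `detectXxe`, its result fields and the sample inputs are constructed for illustration, and the option names are borrowed from the request headers above with assumed semantics.

```javascript
// Added example: heuristic string check for XXE markers; it never parses the XML.
// Option names mirror the request headers above; their semantics here are assumed.
function detectXxe(text, options = {}) {
  const { allowInternetUrls = false, knownSafeUrls = [], knownUnsafeUrls = [] } = options;
  const input = String(text);
  const findings = [];

  // Matches an external identifier on a DOCTYPE or ENTITY declaration:
  //   <!DOCTYPE root SYSTEM "uri">        <!ENTITY name SYSTEM "uri">
  //   <!ENTITY % name PUBLIC "id" "uri">  (parameter entity)
  const externalId =
    /<!(DOCTYPE|ENTITY)\s+(%\s+)?([^\s>\[]+)\s+(?:SYSTEM|PUBLIC\s+(?:"[^"]*"|'[^']*'))\s*(?:"([^"]*)"|'([^']*)')/gi;

  for (const m of input.matchAll(externalId)) {
    const uri = m[4] !== undefined ? m[4] : m[5];
    let kind = "external-entity";
    if (m[1].toUpperCase() === "DOCTYPE") kind = "external-dtd";
    else if (m[2]) kind = "parameter-entity";

    // Deny list wins, then allow list, then the internet-URL switch.
    let allowed = false;
    if (knownUnsafeUrls.includes(uri)) allowed = false;
    else if (knownSafeUrls.includes(uri)) allowed = true;
    else if (allowInternetUrls && /^https?:\/\//i.test(uri)) allowed = true;

    findings.push({ kind, name: m[3], uri, allowed });
  }

  return {
    hasDtd: /<!DOCTYPE\b/i.test(input),             // a DTD is present at all
    containedXxe: findings.some((f) => !f.allowed), // a disallowed external reference
    findings,
  };
}

// Constructed sample inputs (not taken from the page).
const samples = {
  plain: "<note><to>Alice</to></note>",
  fileEntity: '<?xml version="1.0"?><!DOCTYPE data [<!ENTITY ext SYSTEM "file:///constructed/sample.txt">]><data>&ext;</data>',
  remoteDtd: '<!DOCTYPE data SYSTEM "http://dtd.example.invalid/data.dtd"><data/>',
};

for (const [label, xml] of Object.entries(samples)) {
  console.log(label, JSON.stringify(detectXxe(xml)));
}
```

A string check like this is a triage aid and can miss obfuscated or differently encoded declarations; configuring the XML parser to disallow DTDs and external entities remains the primary mitigation.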
