How to Protect Against Cross-Site Scripting Attacks with a Free API in Node.js
Normalizing text input received from the client is a great way to render cross-site scripting (XSS) attacks ineffective. Using the minimal code examples below, we can call a free API that processes and normalizes our text inputs for us, improving our web application's security. To use this API for free, we'll just need a free-tier API key, which allows up to 800 API calls per month with no additional commitments.
We can begin structuring our API call by installing the SDK. We can either run this command:
npm install cloudmersive-security-api-client --save
Or add this snippet to our package.json:
"dependencies": {
  "cloudmersive-security-api-client": "^1.2.0"
}
With that out of the way, we can now call the function (including our API key and user-facing text input):
var CloudmersiveSecurityApiClient = require('cloudmersive-security-api-client');
var defaultClient = CloudmersiveSecurityApiClient.ApiClient.instance;

// Configure API key authorization: Apikey
// (placeholder value; keep the real key out of source control)
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';

var apiInstance = new CloudmersiveSecurityApiClient.ContentThreatDetectionApi();

var value = "value_example"; // String | User-facing text input.

var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    // data is an object, so serialize it instead of concatenating it into a string
    console.log('API called successfully. Returned data: ' + JSON.stringify(data));
  }
};

apiInstance.contentThreatDetectionProtectXss(value, callback);
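One way to wrap the call above so the application fails closed when the API is unreachable or returns something unexpected, and still HTML-encodes the value at output. This is an added example, not Cloudmersive's code: the `ContainedXss` and `NormalizedResult` response fields, `MAX_INPUT_LENGTH`, `protectInput` and the offline stub are assumptions made for the illustration.

```javascript
// Added example, not Cloudmersive code. Assumed: the result fields
// ContainedXss / NormalizedResult, MAX_INPUT_LENGTH, and the offline stub.
const MAX_INPUT_LENGTH = 4096;

// Encode for HTML text/attribute context; normalization does not replace this.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Wraps contentThreatDetectionProtectXss(value, callback) and fails closed:
// on an API error or malformed response the raw input is never passed through.
function protectInput(apiInstance, value, done) {
  if (typeof value !== 'string' || value.length > MAX_INPUT_LENGTH) {
    return done(new Error('input rejected before API call'));
  }
  apiInstance.contentThreatDetectionProtectXss(value, (error, data) => {
    if (error) return done(new Error('normalization unavailable; input not accepted'));
    const ok = data && typeof data.NormalizedResult === 'string';
    if (!ok) return done(new Error('unexpected API response; input not accepted'));
    done(null, {
      flagged: data.ContainedXss === true,      // log this for detection
      normalized: data.NormalizedResult,        // store this, not the raw value
      html: escapeHtml(data.NormalizedResult),  // still encode at output time
    });
  });
}

// Constructed stand-in for the SDK client so the example runs offline.
function makeStubApi(behaviour) {
  return {
    contentThreatDetectionProtectXss(value, callback) {
      if (behaviour === 'down') return callback(new Error('ECONNREFUSED'));
      if (behaviour === 'garbled') return callback(null, {});
      callback(null, {
        ContainedXss: /<script/i.test(value),
        NormalizedResult: value.replace(/<\/?script[^>]*>/gi, ''),
      });
    },
  };
}

// The stub calls back synchronously, so the outcome can be returned directly.
function runOnce(behaviour, value) {
  let outcome;
  protectInput(makeStubApi(behaviour), value, (err, res) => { outcome = { err, res }; });
  return outcome;
}
console.log(runOnce('ok', 'Hi <script>x</script> & bye').res.html);
```

With the real SDK, pass the `apiInstance` created earlier to `protectInput` in place of the stub.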
That's all there is to it: the API now normalizes our text input for us, helping us avoid cross-site scripting threats.