How to Protect Text Input from Cross-Site-Scripting (XSS) Attacks with JavaScript

Cloudmersive
Aug 2, 2022

Protecting your website against Cross-Site Scripting (XSS) attacks can be as simple as normalizing potentially threatening scripts. That’s exactly what our XSS API does: it identifies whether a string contains an XSS threat and returns a normalized, threat-free version of the string, ensuring the original threat is neutralized. You can use this API for free by structuring your API call with the JavaScript code examples below (you’ll also need to get an API key by registering a free account on our website, with zero commitments). We’ll demonstrate how you can use either XHR or jQuery to get set up in just a few incredibly simple steps.

If you’re going the XHR route, use the below code:

// Replace "<string>" with the text input you want to check
var data = JSON.stringify("<string>");

var xhr = new XMLHttpRequest();
// Include credentials (such as cookies) with the cross-origin request
xhr.withCredentials = true;

// Log the response body once the request has completed
xhr.addEventListener("readystatechange", function() {
  if (this.readyState === 4) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api.cloudmersive.com/security/threat-detection/content/xss/detect/string");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");
xhr.send(data);

And to install jQuery instead, run the below command:

bower install jquery

Then call the function:

var settings = {
  "url": "https://api.cloudmersive.com/security/threat-detection/content/xss/detect/string",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Apikey": "YOUR-API-KEY-HERE"
  },
  // Replace "<string>" with the text input you want to check
  "data": JSON.stringify("<string>"),
};

// Log the response once the request succeeds
$.ajax(settings).done(function (response) {
  console.log(response);
});

Yep, you’re already done — no more code required. You can start normalizing potential threats right away.
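
Both snippets above only log the response. The following is an added example, not Cloudmersive's own code, showing one way to act on the response: reject the input when the scan cannot be confirmed, use the normalized string when a threat was found, and still HTML-encode the value on output. The response field names (`Successful`, `ContainedXss`, `NormalizedResult`) and the helper names are assumptions, so confirm the fields against the API documentation.

```javascript
// Added example. Response field names (Successful, ContainedXss,
// NormalizedResult) are assumptions; confirm them against the API docs.
const XSS_ENDPOINT =
  "https://api.cloudmersive.com/security/threat-detection/content/xss/detect/string";

// Decide what to keep from the API's reply. Fails closed: anything that is
// not a well-formed, successful result is rejected rather than passed through.
function interpretXssResult(responseText, originalInput) {
  let body;
  try {
    body = JSON.parse(responseText);
  } catch (e) {
    return { ok: false, reason: "unparseable response" };
  }
  if (!body || body.Successful !== true || typeof body.ContainedXss !== "boolean") {
    return { ok: false, reason: "scan did not complete" };
  }
  if (!body.ContainedXss) {
    return { ok: true, flagged: false, value: originalInput };
  }
  if (typeof body.NormalizedResult !== "string") {
    return { ok: false, reason: "flagged input without normalized text" };
  }
  return { ok: true, flagged: true, value: body.NormalizedResult };
}

// Output encoding is still required wherever the value is written into HTML.
function escapeHtml(text) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Send one string to the endpoint; network or HTTP errors also fail closed.
async function checkInput(input, apiKey, fetchImpl = fetch) {
  try {
    const res = await fetchImpl(XSS_ENDPOINT, {
      method: "POST",
      headers: { "Content-Type": "application/json", "Apikey": apiKey },
      body: JSON.stringify(input),
    });
    if (!res.ok) return { ok: false, reason: "HTTP " + res.status };
    return interpretXssResult(await res.text(), input);
  } catch (e) {
    return { ok: false, reason: "request failed" };
  }
}
```

Running `checkInput` from server-side code keeps the API key out of the page source, where any visitor could read it.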
