How to Protect Text Input from XML External Entity (XXE) Attacks using JavaScript

Hardening your application against threats is a daunting but necessary task. There is a seemingly insurmountable number of vulnerabilities to patch, and even then, cyber threats tend to evolve like organic viruses, inexorably exploiting new weak points wherever they might appear.

With our XXE Detection API, you can take a step in the right direction and secure your XML parser from malicious input. This API is straightforward and easy to use: it identifies whether a given text string contains an XXE attack. You can then configure subsequent operations to delete or otherwise deal with the problematic XML code in whichever way you choose; that’s the beauty of implementing external services with powerful specializations.

Below, we’ll walk through how you can leverage this API using ready-to-run JavaScript examples to structure your API call.

To use the built-in XMLHttpRequest (XHR) object in JavaScript, you can simply copy & paste the following code block:

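var data = JSON.stringify("<string>");
var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
  if (this.readyState === 4) {
    console.log(this.responseText); // response body once the request completes
  }
});
// Set the second argument to the XXE detection endpoint URL from the Cloudmersive API documentation.
xhr.open("POST", "");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");
xhr.send(data);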

To use jQuery instead, first install it by running the command below:

bower install jquery

Then you can call the function:

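var settings = {
  // Set "url" to the XXE detection endpoint URL from the Cloudmersive API documentation.
  "url": "",
  "method": "POST",
  "timeout": 0,
  "headers": {
    "Content-Type": "application/json",
    "Apikey": "YOUR-API-KEY-HERE"
  },
  "data": JSON.stringify("<string>"),
};

$.ajax(settings).done(function (response) {
  console.log(response); // detection result returned by the API
});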

That’s all the code you’ll need. To authenticate access, however, you’ll need to include a Cloudmersive API key where indicated in either snippet. Getting a key is easy and can be done by registering a free account on our website (this account will provide a limit of 800 API calls per month with zero commitments; you can upgrade to a business plan for more bandwidth at any time).
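
As a defense-in-depth complement to the API call, the added example below (not part of the original article and not Cloudmersive's detection logic) screens untrusted text locally for DTD and entity declarations and fails closed before the text reaches an XML parser. The rule set, function names and sample inputs are assumptions constructed for illustration.

```javascript
// Added example (not Cloudmersive code): local XXE pre-screen for untrusted text.
// Rule ids and function names are hypothetical.
const XXE_RULES = [
  // Any DTD at all: ordinary text input has no reason to carry one.
  { id: "doctype", re: /<!DOCTYPE\b/i },
  // DOCTYPE that pulls in an external DTD subset.
  { id: "external-dtd", re: /<!DOCTYPE\s+[^\s>\[]+\s+(SYSTEM|PUBLIC)\b/i },
  // General entity whose replacement text is fetched from a URI.
  { id: "external-entity", re: /<!ENTITY\s+[^\s%>]+\s+(SYSTEM|PUBLIC)\b/i },
  // Parameter entity declaration inside the DTD.
  { id: "parameter-entity", re: /<!ENTITY\s+%\s+\S+/i },
];

// Returns the ids of every rule that matches. Matching is case-insensitive so
// that input aimed at lenient parsers is flagged as well.
function findXxeIndicators(text) {
  if (typeof text !== "string") throw new TypeError("text must be a string");
  return XXE_RULES.filter((rule) => rule.re.test(text)).map((rule) => rule.id);
}

// Fail closed: any indicator blocks the input before it reaches an XML parser.
function screenTextInput(text) {
  const findings = findXxeIndicators(text);
  return { allowed: findings.length === 0, findings };
}

// Constructed sample inputs (placeholder URIs, not taken from the article).
const SAMPLES = {
  plain: "<note><to>Alice</to><body>Hello</body></note>",
  externalEntity:
    '<?xml version="1.0"?><!DOCTYPE note [<!ENTITY ext SYSTEM "file:///placeholder/path">]><note>&ext;</note>',
  externalDtd: '<!DOCTYPE note SYSTEM "http://example.invalid/note.dtd"><note/>',
  parameterEntity:
    '<!DOCTYPE note [<!ENTITY % remote SYSTEM "http://example.invalid/x.dtd"> %remote;]><note/>',
  lowerCase: '<!doctype note [<!entity ext system "file:///placeholder/path">]><note/>',
};

for (const [name, xml] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(screenTextInput(xml)));
}
```

A pattern screen like this complements, and does not replace, disabling DTD processing and external entity resolution in the XML parser itself.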




There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.