How to Protect Text Input from XML External Entity (XXE) Attacks using JavaScript

var data = JSON.stringify("<string>");var xhr = new XMLHttpRequest();
xhr.withCredentials = true;
xhr.addEventListener("readystatechange", function() {
if(this.readyState === 4) {
console.log(this.responseText);
}
});
xhr.open("POST", "https://api.cloudmersive.com/security/threat-detection/content/xxe/detect/xml/string");
xhr.setRequestHeader("Content-Type", "application/json");
xhr.setRequestHeader("Apikey", "YOUR-API-KEY-HERE");
xhr.send(data);
bower install jquery
var settings = {
"url": "https://api.cloudmersive.com/security/threat-detection/content/xxe/detect/xml/string",
"method": "POST",
"timeout": 0,
"headers": {
"Content-Type": "application/json",
"Apikey": "YOUR-API-KEY-HERE"
},
"data": JSON.stringify("<string>"),
};
$.ajax(settings).done(function (response) {
console.log(response);
});

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cloudmersive

Cloudmersive

436 Followers

There’s an API for that. Cloudmersive is a leader in Highly Scalable Cloud APIs.