Protect Text Input from Cross-Site-Scripting (XSS) Attacks Through Normalization in Node.js
Cross-Site Scripting (XSS) is a classic form of cyber-attack. In an XSS attack, victims are tricked into triggering a malicious script on a ‘trusted’ website, unwittingly sending their sensitive IP information straight into a hacker’s hands.
Cloudmersive’s Security Threat Detection API offers an easy way to detect this form of threat. Specifically, the /security/threat-detection/content/xss/detect/string endpoint will protect your application by detecting AND removing XSS attacks from a text input. This API also negates any potential threat by returning a normalized result. It’s easy to implement in any common programming language; in this article, we’ll walk through how to get it working for Node.js.
As our first step, we’ll install the SDK by running the command below:
npm install cloudmersive-security-api-client --save
For package.json, use this snippet:
"dependencies": {
  "cloudmersive-security-api-client": "^1.2.0"
}
Once the client is installed, the next step is to copy and paste the ready-to-run code below. The input parameter requires a string, so be sure to include double quotes as indicated in figure 1. Finally, figure 1, at the bottom of this article, provides a response model for the API call, showing the format your results should appear in if the API is called correctly.
var CloudmersiveSecurityApiClient = require('cloudmersive-security-api-client');
var defaultClient = CloudmersiveSecurityApiClient.ApiClient.instance;

// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';

var apiInstance = new CloudmersiveSecurityApiClient.ContentThreatDetectionApi();

var value = "value_example"; // String | User-facing text input.

var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    // Serialize the result object so its fields are visible in the log
    console.log('API called successfully. Returned data: ' + JSON.stringify(data));
  }
};
apiInstance.contentThreatDetectionProtectXss(value, callback);
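One way to act on the result of the call above, as an added example that is not part of the original article or Cloudmersive's own code: it fails closed when the scan does not complete and passes on only the normalized text when XSS is flagged. The response field names (Successful, ContainedXss, OriginalInput, NormalizedResult) are assumed from the API's response model, and decideXssResult, protectInput and stubApi are hypothetical names; stubApi is a constructed stand-in so the block runs offline.

```javascript
// Added example, not Cloudmersive's code. Field names Successful, ContainedXss and
// NormalizedResult are assumed from the API's response model.

// Turn the raw callback arguments into a decision the caller can act on.
function decideXssResult(error, data, original) {
  // Fail closed: if the scan did not complete, do not store or render the input.
  if (error || !data || data.Successful !== true || typeof data.ContainedXss !== 'boolean') {
    return { action: 'reject', value: null, reason: 'scan-failed' };
  }
  if (!data.ContainedXss) {
    return { action: 'accept', value: original, reason: 'clean' };
  }
  // Flagged input: only the normalized text may go on to storage or a page.
  if (typeof data.NormalizedResult !== 'string') {
    return { action: 'reject', value: null, reason: 'no-normalized-result' };
  }
  return { action: 'normalized', value: data.NormalizedResult, reason: 'xss-detected' };
}

// Call the client the same way the article does, then apply the policy above.
// `api` is any object exposing contentThreatDetectionProtectXss(value, callback).
function protectInput(api, value, done) {
  if (typeof value !== 'string') {
    return done({ action: 'reject', value: null, reason: 'not-a-string' });
  }
  api.contentThreatDetectionProtectXss(value, function (error, data) {
    var decision = decideXssResult(error, data, value);
    if (decision.reason === 'xss-detected') console.warn('XSS flagged; using normalized result');
    done(decision);
  });
}

// Constructed stand-in for the real client so the example runs offline.
// Its detection and "normalization" are placeholders, not the service's behaviour.
var stubApi = {
  contentThreatDetectionProtectXss: function (value, callback) {
    if (value === 'simulate-outage') return callback(new Error('timeout'));
    var flagged = /<script/i.test(value);
    callback(null, { Successful: true, ContainedXss: flagged, OriginalInput: value,
                     NormalizedResult: flagged ? '[removed]' : value });
  }
};

// Constructed sample inputs: clean text, a flagged string, and a failed scan.
['hello world', '<script>alert(1)</script>', 'simulate-outage'].forEach(function (input) {
  protectInput(stubApi, input, function (decision) {
    console.log(JSON.stringify(input), '->', decision.action, '(' + decision.reason + ')');
  });
});
```

To use it with the real client, pass the article's apiInstance in place of stubApi.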