github.com/infiniteloopcloud/xss-validator

v0.0.0-20220701051113-03673195f8e1
Source
Go

Version published: 2 years ago

Created: 2 years ago

Source

XSS Validator

XSS Validator on input fields. It covers all the payloads from the test/payloads.txt.

Usage

go get github.com/infiniteloopcloud/xss-validator

package main

import xssvalidator "github.com/infiniteloopcloud/xss-validator"

func main() {
	err := xssvalidator.Validate("input_data", xssvalidator.DefaultRules...)
	if err != nil {
		// rule triggered
	}

	// or use selected
	err = xssvalidator.Validate("input_data", []xssvalidator.Rule{
		xssvalidator.ForbiddenKeywords{},
		xssvalidator.ForbiddenHTMLUnescapeStringKeywords{},
	}...)
	if err != nil {
		// rule triggered
	}
}

Writing custom rules

Anything implements the xssvalidator.Rule can be a rule passed into the validator.

package ownrule

import (
	"errors"
	"strings"

	xssvalidator "github.com/infiniteloopcloud/xss-validator"
)

var _ xssvalidator.Rule = AlertRule{}

type AlertRule struct{}

func (a AlertRule) Check(v string) error {
	if strings.Contains(v, "alert") {
		return errors.New("contains alert")
	}

	return nil
}

FAQs

What is github.com/infiniteloopcloud/xss-validator?

Package last updated on 01 Jul 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

github.com/infiniteloopcloud/xss-validator

XSS Validator

Usage

Writing custom rules

Related posts

Threat Actor Exposes Playbook for Exploiting npm to Build Blockchain-Powered Botnets

NVD Backlog Tops 20,000 CVEs Awaiting Analysis as NIST Prepares System Updates