  Copyright © http://randomrise.com, as an published work.  All rights reserved.
  This software is the property of randomrise technology
  This software intend to provide open source (FREE TO USE) but any reproduction is not allowed

  @contact: http://randomrise.com 
  @author: ChandraShekher Polimera (linkedin: chandrashekherpolimera | email: chandrashekher@techie.com)
  @github: https://github.com/chandragithub/web-security
  @date: 14/08/2016
  @version: 0.0.3 (beta)

Description:

It prevents cross site scripting (xss) attack across the browsers.

what is a cross site scripting attack (xss)?

Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser

Types of XSS attack?

  -  Persistent XSS
     where the malicious string originates from the website's database.
  
  -  Reflected XSS
     where the malicious string originates from the victim's request.
  
  -  DOM-based XSS
     where the vulnerability is in the client-side code rather than the server-side code.

Prevention Method:

- @param: unSafeHtmlString
  escape(param) {};

- @param: unSafeHtmlString
  strictEscape(param) {};

- @param: safeHtmlString
  reverseEscape(param) {};

- @param: safeHtmlString
  unescape(param) {};

- @param: unSafeHtmlString
  removeUnsafe(param) {};

- safeUrl() {};

- unSafeUrl() {};

Installation

NodeJs

npm install web-security

API

var xs = require('web-security')

Browser

   <script type="text/javascript" src="web-security.js"> </script>
   <script>
      var xs = webSecurity;
   </script>

Usage.

escape

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.escape(htmlStr);
   
   // output: "&lt;script&gt alert(document.cookie); &lt/script&gt"

strictEscape

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.strictEscape(htmlStr);
   
   // output: "&lt;script&gt alert&#40;document.cookie&#41;&#59; &lt/script&gt"

reverseEscape

   var htmlStr = "&lt;script&gt alert&#40;document.cookie&#41;&#59; &lt/script&gt";
   xs.reverseEscape(htmlStr);
   
   // output: "<script> alert(document.cookie); </script>"

unescape

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.unescape(htmlStr);
   
   // output: "<script> alert(document.cookie); </script>"

removeUnsafe

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.removeUnsafe(htmlStr);
   
   // output: "script alert(document.cookie); /script"

removeStrictUnsafe

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.removeStrictUnsafe(htmlStr);
   
   // output: "script alertdocument.cookie /script"

safeUrl

   var url = "http://randomrise.com/?<script> document.cookie </script>";
   xs.safeUrl(url);
   
   // it will reload/refresh the page without search parameter.

unSafeUrl

   var url = "http://randomrise.com/?<script> document.cookie </script>";
   xs.unSafeUrl(url);
   
   // it will reload/refresh the page  with search parameter.

Keywords

FAQs

What is web-security?

Is web-security well maintained?

Package last updated on 14 Aug 2016

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

web-security

Web-Security

Copyright (randomrise.com)

Description:

what is a cross site scripting attack (xss)?

Types of XSS attack?

Prevention Method:

Installation

NodeJs

API

Browser

Usage.

escape

strictEscape

reverseEscape

unescape

removeUnsafe

removeStrictUnsafe

safeUrl

unSafeUrl

Keywords

Related posts

New React Server Components Vulnerabilities: DoS and Source Code Exposure

Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk