Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

web-security

Package Overview
Dependencies
Maintainers
1
Versions
4
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

web-security

For ReadMe.md file visit my Github

  • 0.0.3
  • Source
  • npm
  • Socket score

Version published
Weekly downloads
3
Maintainers
1
Weekly downloads
 
Created
Source

Web-Security

Securing web application by preventing cross site scripting (XSS) attack across the browsers.

  Copyright © http://randomrise.com, as an published work.  All rights reserved.
  This software is the property of randomrise technology
  This software intend to provide open source (FREE TO USE) but any reproduction is not allowed

  @contact: http://randomrise.com 
  @author: ChandraShekher Polimera (linkedin: chandrashekherpolimera | email: chandrashekher@techie.com)
  @github: https://github.com/chandragithub/web-security
  @date: 14/08/2016
  @version: 0.0.3 (beta)

Description:

It prevents cross site scripting (xss) attack across the browsers.

what is a cross site scripting attack (xss)?

Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser

Types of XSS attack?

  -  Persistent XSS
     where the malicious string originates from the website's database.
  
  -  Reflected XSS
     where the malicious string originates from the victim's request.
  
  -  DOM-based XSS
     where the vulnerability is in the client-side code rather than the server-side code.

Prevention Method:

- @param: unSafeHtmlString
  escape(param) {};

- @param: unSafeHtmlString
  strictEscape(param) {};

- @param: safeHtmlString
  reverseEscape(param) {};

- @param: safeHtmlString
  unescape(param) {};

- @param: unSafeHtmlString
  removeUnsafe(param) {};

- safeUrl() {};

- unSafeUrl() {};

Installation

NodeJs

npm install web-security

API

var xs = require('web-security')

Browser

   <script type="text/javascript" src="web-security.js"> </script>
   <script>
      var xs = webSecurity;
   </script>

Usage.

escape

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.escape(htmlStr);
   
   // output: "&lt;script&gt alert(document.cookie); &lt/script&gt"

strictEscape

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.strictEscape(htmlStr);
   
   // output: "&lt;script&gt alert&#40;document.cookie&#41;&#59; &lt/script&gt"

reverseEscape

   var htmlStr = "&lt;script&gt alert&#40;document.cookie&#41;&#59; &lt/script&gt";
   xs.reverseEscape(htmlStr);
   
   // output: "<script> alert(document.cookie); </script>"

unescape

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.unescape(htmlStr);
   
   // output: "<script> alert(document.cookie); </script>"

removeUnsafe

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.removeUnsafe(htmlStr);
   
   // output: "script alert(document.cookie); /script"

removeStrictUnsafe

   var htmlStr = "<script> alert(document.cookie); </script>";
   xs.removeStrictUnsafe(htmlStr);
   
   // output: "script alertdocument.cookie /script"

safeUrl

   var url = "http://randomrise.com/?<script> document.cookie </script>";
   xs.safeUrl(url);
   
   // it will reload/refresh the page without search parameter.

unSafeUrl

   var url = "http://randomrise.com/?<script> document.cookie </script>";
   xs.unSafeUrl(url);
   
   // it will reload/refresh the page  with search parameter.

Keywords

FAQs

Package last updated on 14 Aug 2016

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc