Web-Security
Secures web applications by preventing cross-site scripting (XSS) attacks across browsers.
Copyright (randomrise.com)
Copyright © http://randomrise.com, as a published work. All rights reserved.
This software is the property of randomrise technology.
This software is intended to be open source (FREE TO USE), but any reproduction is not allowed.
@contact: http://randomrise.com
@author: ChandraShekher Polimera (linkedin: chandrashekherpolimera | email: chandrashekher@techie.com)
@github: https://github.com/chandragithub/web-security
@date: 14/08/2016
@version: 0.0.3 (beta)
Description:
It prevents cross-site scripting (XSS) attacks across browsers.
What is a cross-site scripting (XSS) attack?
Cross-site scripting (XSS) is a code injection attack that allows an attacker to execute malicious JavaScript in another user's browser.
Types of XSS attack
- Persistent XSS: the malicious string originates from the website's database.
- Reflected XSS: the malicious string originates from the victim's request.
- DOM-based XSS: the vulnerability is in the client-side code rather than the server-side code.
Prevention Methods:
- escape(param) {};
  @param: unSafeHtmlString
- strictEscape(param) {};
  @param: unSafeHtmlString
- reverseEscape(param) {};
  @param: safeHtmlString
- unescape(param) {};
  @param: safeHtmlString
- removeUnsafe(param) {};
  @param: unSafeHtmlString
- safeUrl() {};
- unSafeUrl() {};
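How output escaping stops the reflected case described above, as an added example that is not part of the web-security package. `escapeHtml`, `renderUnsafe` and `renderSafe` are hypothetical names, and the five-character entity mapping is an assumption, not taken from this library's `escape`.

```javascript
// Added example: hypothetical helper names, not the web-security API.
// Maps the five characters that can break out of HTML text or a quoted
// attribute value to their entities (assumed mapping).
const HTML_ENTITIES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;'
};

function escapeHtml(value) {
  // String() so numbers, null, etc. are encoded instead of throwing.
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Vulnerable: the request value is concatenated into markup as-is, so a
// reflected string is parsed by the browser as markup, not as text.
function renderUnsafe(query) {
  return '<p>Results for: ' + query + '</p>' +
         '<input name="q" value="' + query + '">';
}

// Hardened: the same template with the value encoded at output time,
// which covers both the element-text and the quoted-attribute context.
function renderSafe(query) {
  const q = escapeHtml(query);
  return '<p>Results for: ' + q + '</p>' +
         '<input name="q" value="' + q + '">';
}

// Constructed sample inputs: the string used in this README's usage
// section, a value containing a double quote, and ordinary text with '&'.
const samples = [
  '<script> alert(document.cookie); </script>',
  'x" data-injected="1',
  'Tom & Jerry'
];

for (const s of samples) {
  console.log('unsafe:', renderUnsafe(s));
  console.log('safe:  ', renderSafe(s));
}
```

The second sample shows why the quote characters are in the mapping: without them, a value placed inside `value="..."` can close the attribute even when `<` and `>` are encoded.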
Installation
NodeJs
npm install web-security
API
var xs = require('web-security')
Browser
<script type="text/javascript" src="web-security.js"> </script>
<script>
var xs = webSecurity;
</script>
Usage
escape
var htmlStr = "<script> alert(document.cookie); </script>";
xs.escape(htmlStr);
strictEscape
var htmlStr = "<script> alert(document.cookie); </script>";
xs.strictEscape(htmlStr);
reverseEscape
var htmlStr = "<script> alert(document.cookie); </script>";
xs.reverseEscape(htmlStr);
unescape
var htmlStr = "<script> alert(document.cookie); </script>";
xs.unescape(htmlStr);
removeUnsafe
var htmlStr = "<script> alert(document.cookie); </script>";
xs.removeUnsafe(htmlStr);
removeStrictUnsafe
var htmlStr = "<script> alert(document.cookie); </script>";
xs.removeStrictUnsafe(htmlStr);
safeUrl
var url = "http://randomrise.com/?<script> document.cookie </script>";
xs.safeUrl(url);
unSafeUrl
var url = "http://randomrise.com/?<script> document.cookie </script>";
xs.unSafeUrl(url);