how to prevent xss attacks in node js

Solutions on MaxInterview for how to prevent xss attacks in node js by the best coders in the world

showing results for - "how to prevent xss attacks in node js"
Karen
26 Jun 2019
1- All usual techniques apply to node.js output as well, which means:
2
3* Blacklists will not work.
4* You're not supposed to filter input in order to protect HTML output. It will not work or will work by needlessly malforming the data.
5* You're supposed to HTML-escape text in HTML output.
6- I'm not sure if node.js comes with some built-in for this, but something like that should do the job:
7
8function htmlEscape(text) {
9   return text.replace(/&/g, '&').
10     replace(/</g, '&lt;').  // it's not neccessary to escape >
11     replace(/"/g, '&quot;').
12     replace(/'/g, '&#039;');
13}