Unable to decode a UTF-8 string

Asked Mar 07 '17 at 19:55

Active Mar 07 '17 at 20:08

Viewed 49 times

I need to decode this UTF-8 string: j&#X41vascript.

I have tried doing:

decodeURIComponent(escape('j&#X41vascript'))

which did not work, it returned the same string back.

Eventually, I would want to prevent the XSS attack originating from the attacker entering an input string like:

<IMG SRC=j&#X41vascript:alert('test2')>

How do I fix this?

edited Mar 07 '17 at 20:08

asked Mar 07 '17 at 19:55

Rahul Desai

Remember that you can't prevent XSS attacks with client-side JavaScript checks, as any user who knows their way around a browser can easily disable them. Use server-side validation for any data that is uploaded. – gyre Mar 07 '17 at 19:58
@gyre I am doing it server-side as well. This part is just for form validation. Your point is very much valid. :) – Rahul Desai Mar 07 '17 at 19:59
Have a look here: http://ourcodeworld.com/articles/read/188/encode-and-decode-html-entities-using-pure-javascript – Mario Santini Mar 07 '17 at 20:01
Are you trying to generate the image source from the string, or are you trying to detect dangerous data in existing HTML? – gyre Mar 07 '17 at 20:02
1

http://stackoverflow.com/a/9609450/1003329 Probably, would be helpful. – tulvit Mar 07 '17 at 20:05
@gyre Detect dangerous data in HTML. – Rahul Desai Mar 07 '17 at 20:09
@tulvit That did help :) – Rahul Desai Mar 07 '17 at 20:14
@RahulDesai I see the string printed as: "jAvascript", that to me seems very like what you're looking. – Mario Santini Mar 07 '17 at 20:15
@tulvit It does not work if the input string is `` – Rahul Desai Mar 07 '17 at 20:25

0 Answers0