
In PHP, to filter input data I use the functions htmlspecialchars and mysql_real_escape_string. Are there any functions like this in Node.js?

I need to check all inputs in my router functions to prevent hacker attacks like XSS. Thanks!

Erik
  • 14,060
  • 49
  • 132
  • 218

2 Answers

2

node-validator is the perfect library for this; it has many functions for both validation and sanitation / filtering, for example:

entityDecode()                  //Decode HTML entities
entityEncode()
xss()                           //Remove common XSS attack vectors from text (default)
xss(true)                       //Remove common XSS attack vectors from images

or

contains(str)
notContains(str)
regex(pattern, modifiers)       //Usage: regex(/[a-z]/i) or regex('[a-z]','i')
notRegex(pattern, modifiers)
len(min, max)                   //max is optional
isUUID(version)                 //Version can be 3 or 4 or empty, see http://en.wikipedia.org/wiki/Universally_unique_identifier
isDate()                        //Uses Date.parse() - regex is probably a better choice
isAfter(date)                   //Argument is optional and defaults to today
isBefore(date)                  //Argument is optional and defaults to today
isIn(options)                   //Accepts an array or string
alessioalex
  • 62,577
  • 16
  • 155
  • 122
0

There is a Node.js package for the Google Caja HTML sanitizer. Or you can use the answer provided here:

function escapeHtml(unsafe) {
  return unsafe
      .replace(/&/g, "&amp;")   // must come first, or the entities below get re-escaped
      .replace(/</g, "&lt;")
      .replace(/>/g, "&gt;")
      .replace(/"/g, "&quot;")
      .replace(/'/g, "&#039;");
}

For SQL it depends on what library you are using, but most of them will escape parameterized queries.

Community
  • 1
  • 1
Daff
  • 43,734
  • 9
  • 106
  • 120