I am writing a tutorial page for JavaScript and to prevent xss I want to check if the user's input contains any ajax and if it does return an error string. Also any other elements that could be used for xss in the input should make it error. What would the code for this be?
Try defining a RegExp
including methods, strings which should not pass validation , utilize RegExp.prototype.test()
with string as argument
var re = /XMLHttpRequest|.\\.ajax|.\\.get|.\\.post|.\\.getScript|script/; var str = "$.post"; var res = re.test(str) ? new Error("error") : str; console.log(res)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.