Skip to content Skip to sidebar Skip to footer

How To Sanitize Js And Html In Inputs?

I have looked everywhere, but cannot find a simple library or tool for this. I would like to sanitise comments on my website. Currently, I can inject HTML, CSS and pretty much what

Solution 1:

Because JavaScript can be disabled, sanitation is not an operation for the frontend; this task should be performed on the backend. Best practice says...

  • Validate input (frontend)
    • Ensure that the data conforms to what you expect before submission
  • Sanitize input (backend)
    • Employ means on the backend to escape or remove unsafe characters before it reaches your application's storage layer
  • Escape output (backend)
    • As an additional safety measure, before outputting, be sure to escape anything coming from a 3rd party source

You are encouraged to validate data input on the frontend, notifying the user that certain characters are not permitted when trying to submit invalid data. In the event that JavaScript then gets disabled, your backend will still know what to with the malformed data.

Solution 2:

The NPM package sanitize-html is a package I've used before if you want a more thorough check.

Post a Comment for "How To Sanitize Js And Html In Inputs?"