Sanitize Input for DOM XSS

DOM-based XSS is a different beast altogether, and it deserves its own section and rules. To get a thorough overview of DOM XSS and sanitizing rules, consult the OWASP DOM-based XSS Prevention Cheat Sheet.[76] Also, if you skipped the previous section on various sanitizing rules, then go back. You need to know how to deal with first-order XSS attacks to understand how to deal with DOM XSS.

If you’re using a lot of DOM manipulation in your application, it’s prone to DOM XSS. I recommend using a JavaScript validation library designed for context-specific validations, such as the ESAPI JavaScript library[77] from OWASP.

Treat DOM-based XSS sanitizing as a two-step challenge. First, you get the data into a JavaScript ...
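An added example of the two-step approach described above (example code, not from the book or from the ESAPI library): step one gets the untrusted value into a JavaScript variable with encoding that matches the context it travels through, and step two writes it into the page through a sink that cannot interpret markup. The element stub and the sample payload are constructed for illustration; the encoders follow OWASP's HTML and JavaScript encoding rules.

```javascript
// Added example (not the book's code): two-step handling of untrusted data
// that ends up in the DOM.
// Step 1: get the value into a JavaScript variable with encoding for the
//         context it passes through (here: an inline <script> block).
// Step 2: write it into the page through a sink that does not parse HTML.

// Step 1 helper: when the server embeds a value in an inline <script>, emit
// it as a JSON string literal and escape characters that could end the
// script block or the line early.
function toJsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')        // stops "</script>" from closing the block
    .replace(/\u2028/g, '\\u2028')   // JS line terminators JSON leaves raw
    .replace(/\u2029/g, '\\u2029');
}

// Step 2 helper: HTML-entity encoding for the case where a string must be
// concatenated into markup (OWASP's HTML-context character set).
function encodeForHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;',
                '"': '&quot;', "'": '&#x27;', '/': '&#x2F;' };
  return String(value).replace(/[&<>"'\/]/g, (c) => map[c]);
}

// Vulnerable pattern: untrusted data (URL fragment, postMessage payload, ...)
// goes straight into a sink that parses HTML.
function renderUnsafe(element, untrusted) {
  element.innerHTML = '<span>' + untrusted + '</span>'; // DOM XSS sink
}

// Hardened pattern: textContent treats the value purely as text.
function renderSafe(element, untrusted) {
  element.textContent = String(untrusted);
}

// Hardened alternative when building markup is unavoidable: encode first.
function renderEncoded(element, untrusted) {
  element.innerHTML = '<span>' + encodeForHtml(untrusted) + '</span>';
}

// Constructed demo: a plain object stands in for a DOM element so this runs
// under Node without a browser; the payload is a constructed test string.
function demo(payload = '<script>alert(1)</script>') {
  const el = { innerHTML: '', textContent: '' };
  renderSafe(el, payload);
  const safeText = el.textContent;
  renderEncoded(el, payload);
  return { safeText, encodedHtml: el.innerHTML, jsLiteral: toJsStringLiteral(payload) };
}
```

`renderUnsafe` is kept only to show the sink to avoid; in a real page the same value reaches it from `location.hash`, `document.referrer` or a `postMessage` handler.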
