How does input sanitization work in JavaScript?
Asked on Sep 05, 2024
Answer
Input sanitization in JavaScript involves cleaning user input to prevent malicious data from causing harm, such as cross-site scripting (XSS) attacks. This is typically done by removing or escaping potentially dangerous characters.
<!-- BEGIN COPY / PASTE -->
function sanitizeInput(input) {
const element = document.createElement('div');
element.innerText = input;
return element.innerHTML;
}
const userInput = "<script>alert('XSS');</script>";
const safeInput = sanitizeInput(userInput);
console.log(safeInput); // Outputs: <script>alert('XSS');</script>
<!-- END COPY / PASTE -->Additional Comment:
✅ Answered with JavaScript best practices.- The "sanitizeInput" function creates a temporary "div" element and sets its "innerText" to the user input, which automatically escapes HTML special characters.
- This method is useful for preventing XSS by converting potentially harmful HTML tags into harmless text.
- Always validate and sanitize all user inputs, especially if they are used in HTML or stored in a database.
Recommended Links:
← Back to All Questions