What is the best way to sanitize message content on the server side which

Question

0

Asked: May 19, 20262026-05-19T22:12:48+00:00 2026-05-19T22:12:48+00:00

What is the best way to sanitize message content on the server side which

0

What is the best way to sanitize message content on the server side which is received from client as one of the query string parameters? This message is also meant to be resend to other connected clients so it have be secure in terms of code execution or injection (JavaScript or HTML) on server or client side.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-19T22:12:49+00:00

To protect node.js against XSS I borrowed this from snippet jade:

/**
 * Escape the given string of `html`.
 *
 * @param {String} html
 * @return {String}
 * @api private
 */

function sanitize(html){
    return String(html)
        .replace(/&(?!\w+;)/g, '&amp;')
        .replace(/</g, '&lt;')
        .replace(/>/g, '&gt;')
        .replace(/"/g, '&quot;');
}

P.S: You should always do proper server-side filtering

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

What is the best way to sanitize message content on the server side which

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply