Preventing XSS in Node.js / server side javascript

Question

Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that handle removing javascript in hrefs, onclick attributes,etc. from POSTed dat

Answer 1

You can also look at ESAPI. There is a javascript version of the library. It's pretty sturdy.