Preventing XSS in Node.js / server side javascript

Question

Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that handle removing javascript in hrefs, onclick attributes,etc. from POSTed dat

Answer 1

Try out the npm module strip-js. It performs the following actions:

• Sanitizes HTML
• Removes script tags
• Removes attributes such as "onclick", "onerror", etc. which contain JavaScript code
• Removes "href" attributes which contain JavaScript code

https://www.npmjs.com/package/strip-js