Preventing XSS in Node.js / server side javascript

花落未央 2020-12-07 10:24

Any idea how one would go about preventing XSS attacks on a node.js app? Any libs out there that handle removing javascript in hrefs, onclick attributes, etc. from POSTed dat

8 answers
  •  刺人心 (original poster)
    2020-12-07 11:07

    You should try the npm library "insane". https://github.com/bevacqua/insane

    I tried it in production, and it works well. The size is very small (around ~3kb gzipped).

    • Sanitizes HTML
    • Removes all attributes or tags that evaluate JS
    • You can allow attributes or tags that you don't want sanitized

    The documentation is very easy to read and understand. https://github.com/bevacqua/insane
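
Added example, not part of the answer above and not insane's own code: the allowlist idea the answer describes (keep only explicitly allowed attributes, and check the scheme of URL attributes such as href), applied to attributes that an HTML parser has already decoded. The policy, function names and sample values are assumptions made for this illustration.

```javascript
// Hypothetical policy (names chosen for this example). A Map avoids
// inherited keys such as "constructor" being read as a tag entry.
const POLICY = {
  allowedAttributes: new Map([['a', ['href', 'title']], ['img', ['src', 'alt']]]),
  allowedSchemes: ['http:', 'https:', 'mailto:'],
  urlAttributes: ['href', 'src'],
};

// Resolve against a dummy base so relative URLs parse. The WHATWG URL
// parser strips tabs/newlines and lower-cases the scheme, as browsers do.
function isAllowedUrl(value, policy = POLICY) {
  try {
    const { protocol } = new URL(value, 'http://base.invalid/');
    return policy.allowedSchemes.includes(protocol);
  } catch {
    return false; // unparseable URL: reject
  }
}

// Return only the attributes the policy allows for this tag.
function filterAttributes(tag, attrs, policy = POLICY) {
  const allowed = policy.allowedAttributes.get(tag.toLowerCase()) || [];
  const kept = {};
  for (const [name, value] of Object.entries(attrs)) {
    const key = name.toLowerCase();
    if (!allowed.includes(key)) continue; // onclick, style, ... are never listed
    if (policy.urlAttributes.includes(key) && !isAllowedUrl(value, policy)) continue;
    kept[key] = value;
  }
  return kept;
}

// Constructed sample input: attribute values after entity decoding.
const samples = [
  ['a', { href: 'https://example.com/', title: 'ok', onclick: 'track()' }],
  ['a', { href: 'JaVa\tScRiPt:alert(1)', title: 'hi' }],
  ['img', { src: '/img/logo.png', onerror: 'alert(1)' }],
];
for (const [tag, attrs] of samples) {
  console.log(tag, filterAttributes(tag, attrs));
}
```

This covers only the attribute step; parsing the markup and filtering tags still needs a real HTML parser or a sanitizer library such as the one recommended above.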
