
I grab a href value like this:

var $url = jQuery('body').find('.download a').attr('href');

How do I sanitize this value? I tried adding .text() but it didn't work.

  • "Sanitize"? How do you mean? – Alexander Nied Mar 01 '17 at 13:44
  • 1
    What do you mean by 'sanitize' it? How you do that would depend on where you want to use it – Rory McCrossan Mar 01 '17 at 13:44
  • 1
    @RoryMcCrossan With sanitize, I mean, how do I escape it? I will use this value in a variety of way so want to stop the user from adjusting this value in an attempt to exploit the site. – Henrik Petterson Mar 01 '17 at 13:45
  • use sanitize-html.js for this...use this you can achieve this... for more info https://www.npmjs.com/package/sanitize-html – Darshak Mar 01 '17 at 13:49
  • 1
    @Darshak Is there no way to do this without using a third-party code? – Henrik Petterson Mar 01 '17 at 13:51
  • 1
    @HenrikPetterson `I will use this value in a variety of way so want to stop the user from adjusting this value in an attempt to exploit the site.` How will you do that? – Ionut Necula Mar 01 '17 at 13:54
  • @HenrikPetterson You could do it without 3rd party code, but you would just be reinventing the wheel. Often it is better to use a 3rd party library, especially for stuff like this. An open-source library has likely already been tested over a wide range of situations and may account for stuff you don't think of, thus likely being more secure than a do-it-yourself solution. Don't fall victim to the "not invented here syndrome", it will more often hurt you than help you. – Useless Code Mar 01 '17 at 18:36

1 Answer

There are plenty of things you need to consider depending on where you need to use $url.

This link is very useful; apply the principles as you read.

I'm sure the above link provides either a fundamental knowledge or checklist for every JS engineer trying to create secure software.
