Skip to content

infiniteloopcloud/xss-validator

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

XSS Validator

Go Report Card GoDoc License made-with-Go

XSS Validator on input fields. It covers all the payloads from the test/payloads.txt.

Usage

go get github.com/infiniteloopcloud/xss-validator
package main

import xssvalidator "github.com/infiniteloopcloud/xss-validator"

func main() {
	err := xssvalidator.Validate("input_data", xssvalidator.DefaultRules...)
	if err != nil {
		// rule triggered
	}

	// or use selected
	err = xssvalidator.Validate("input_data", []xssvalidator.Rule{
		xssvalidator.ForbiddenKeywords{},
		xssvalidator.ForbiddenHTMLUnescapeStringKeywords{},
	}...)
	if err != nil {
		// rule triggered
	}
}

Writing custom rules

Anything implements the xssvalidator.Rule can be a rule passed into the validator.

package ownrule

import (
	"errors"
	"strings"

	xssvalidator "github.com/infiniteloopcloud/xss-validator"
)

var _ xssvalidator.Rule = AlertRule{}

type AlertRule struct{}

func (a AlertRule) Check(v string) error {
	if strings.Contains(v, "alert") {
		return errors.New("contains alert")
	}

	return nil
}

About

XSS validator on input fields

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages