https://github.com/infiniteloopcloud/xss-validator
XSS validator on input fields
https://github.com/infiniteloopcloud/xss-validator
Last synced: about 2 months ago
JSON representation
XSS validator on input fields
- Host: GitHub
- URL: https://github.com/infiniteloopcloud/xss-validator
- Owner: infiniteloopcloud
- License: mit
- Created: 2022-06-02T11:28:07.000Z (about 4 years ago)
- Default Branch: main
- Last Pushed: 2022-07-01T05:11:13.000Z (about 4 years ago)
- Last Synced: 2024-06-20T22:35:51.902Z (about 2 years ago)
- Language: Go
- Size: 59.6 KB
- Stars: 3
- Watchers: 3
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# XSS Validator
[](https://goreportcard.com/report/github.com/infiniteloopcloud/xss-validator) [](https://godoc.org/github.com/infiniteloopcloud/xss-validator) [](https://opensource.org/licenses/Apache-2.0) [](http://golang.org)
XSS Validator on input fields. It covers all the payloads from the `test/payloads.txt`.
### Usage
```shell
go get github.com/infiniteloopcloud/xss-validator
```
```go
package main
import xssvalidator "github.com/infiniteloopcloud/xss-validator"
func main() {
err := xssvalidator.Validate("input_data", xssvalidator.DefaultRules...)
if err != nil {
// rule triggered
}
// or use selected
err = xssvalidator.Validate("input_data", []xssvalidator.Rule{
xssvalidator.ForbiddenKeywords{},
xssvalidator.ForbiddenHTMLUnescapeStringKeywords{},
}...)
if err != nil {
// rule triggered
}
}
```
### Writing custom rules
Anything implements the `xssvalidator.Rule` can be a rule passed into the validator.
```go
package ownrule
import (
"errors"
"strings"
xssvalidator "github.com/infiniteloopcloud/xss-validator"
)
var _ xssvalidator.Rule = AlertRule{}
type AlertRule struct{}
func (a AlertRule) Check(v string) error {
if strings.Contains(v, "alert") {
return errors.New("contains alert")
}
return nil
}
```