This is a simple library for escaping a string so it can't inject HTML tags (the usual XSS vector): it replaces `<` and `>` with their HTML entities. Look at this example:
// with a string without HTML
> "Here's a string without HTML injection".safe()
< "Here's a string without HTML injection"
// XSS/HTML injection
> "XSS goes here: <img src='' onerror='alert()'>".safe()
< "XSS goes here: &lt;img src='' onerror='alert()'&gt;"
And what does it take to implement this?
String.prototype.safe = function () {
  // String(this) unboxes the receiver into a primitive string; the
  // original split('').join('') did the same thing the long way round.
  // A typeof-number check on `this` is never true for a boxed string,
  // so it is omitted here.
  return String(this)
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
}
Or use as a function:
const Safe = function (s) {
  // numbers contain no angle brackets, so return them untouched
  if (typeof s == "number") { return s }
  // String(s) coerces any other input (including String objects) to a primitive
  return String(s)
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
}
It's a pretty simple script, right? This is a repackage of https://npmjs.com/package/string.prototype.safe, because why install an entire npm package when you can copy a few lines of code. Note what it does and does not cover: only `<` and `>` are escaped, so ampersands and quotes pass through unchanged. That is enough for text placed between tags, but not for a value interpolated into a quoted HTML attribute, where a stray `"` or `'` can close the attribute and start a new one.
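As an added example (not code from string.prototype.safe or its author), the snippet below extends the same replace-based idea to the five characters that matter in both text and attribute contexts, and contrasts it with an angle-brackets-only escaper on a constructed attribute payload. The helper names (escapeHtml, escapeAnglesOnly, renderTitleAttr, attributeNames) and the ATTR_PAYLOAD string are assumptions made for this example.

```javascript
// Added example, not part of the string.prototype.safe package.
// Entities for the five characters that can break out of HTML text
// or out of a double- or single-quoted attribute value.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#39;',
};

// Escapes all five characters; numbers and other values are coerced
// with String() instead of being special-cased.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The library's approach for comparison: only < and > are replaced.
function escapeAnglesOnly(value) {
  return String(value).replace(/</g, '&lt;').replace(/>/g, '&gt;');
}

// Constructed attacker input aimed at a quoted attribute context:
// it closes the title attribute and adds an event handler.
const ATTR_PAYLOAD = '" onmouseover="alert(1)';

// Interpolates the escaped input into a double-quoted title attribute,
// the way a naive template would.
function renderTitleAttr(escaper, input) {
  return `<a title="${escaper(input)}">link</a>`;
}

// Minimal attribute tokenizer for the first <a ...> tag in the markup,
// returning the attribute names an HTML parser would see. Values are
// consumed up to the matching quote, so an unescaped quote in the
// payload shows up as an extra attribute.
function attributeNames(markup) {
  const tag = /^<a\s([^>]*)>/.exec(markup);
  if (!tag) return [];
  const names = [];
  const attrRe = /([^\s=]+)(?:\s*=\s*("[^"]*"|'[^']*'|[^\s"']+))?/g;
  let m;
  while ((m = attrRe.exec(tag[1])) !== null) names.push(m[1]);
  return names;
}

// Stand-alone demonstration of both escapers on the same payload.
console.log(attributeNames(renderTitleAttr(escapeHtml, ATTR_PAYLOAD)));
console.log(attributeNames(renderTitleAttr(escapeAnglesOnly, ATTR_PAYLOAD)));
```

With escapeHtml the parser sees a single title attribute whose value happens to contain entities; with escapeAnglesOnly it sees title followed by an injected onmouseover attribute. Escaping & also keeps input like "&lt;" from being decoded back into a real "<" by the browser, which matters when the output is later re-parsed or edited.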