GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
JavaScript::Value::Escape(3) User Contributed Perl Documentation JavaScript::Value::Escape(3)

JavaScript::Value::Escape - Avoid XSS with JavaScript value interpolation 

  use JavaScript::Value::Escape;

  my $escaped = javascript_value_escape(q!&foo"bar'</script>!);
  # $escaped is "\u0026foo\u0022bar\u0027\u003c\/script\u003e"

  my $html_escaped = javascript_value_escape(Text::Xslate::Util::escape_html(q!&foo"bar'</script>!));

  print <<EOF;
  <script>
  var param = '$escaped';
  alert(param);

  document.write('$html_escaped');

  </script>
  EOF

There are a lot of XSS, a security hole typically found in web applications, caused by incorrect (or lack of) JavaScript escaping. This module aims to provide secure JavaScript escaping to avoid XSS with JavaScript values.

The escaping routine JavaScript::Value::Escape provides escapes for q!"!, q!'!, q!&!, q!=!, q!-!, q!+!, q!;!, q!<!, q!>!, q!/!, q!\! and control characters to JavaScript unicode entities like "\u0026".

javascript_value_escape($value :Str) :Str
Escape a string. The argument of this function must be a text string (a.k.a. UTF-8 flagged string, Perl's internal form).

This is exported by default.

js($value :Str) :Str
Alias to "javascript_value_escape()" for convenience.

This is exported by your request.

Masahiro Nagano <kazeburo {at} gmail.com>

Fuji, Goro (gfx)

<http://subtech.g.hatena.ne.jp/mala/20100222/1266843093> - About XSS caused by buggy JavaScript escaping for HTML script sections (Japanese)

<http://blog.nomadscafe.jp/2010/11/htmlscript.html> - Wrote a module (JavaScript::Value::Escape) to escape data for HTML script sections (Japanese)

<https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet> - Preventing XSS (Cross Site Scripting) (English)

RFC4627 - The application/json Media Type for JSON

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
2022-04-08 perl v5.32.1
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.