DarkHorse1997

Reputation: 103

How to protect against XSS attacks in Servant Framework?

I have an S2S API which takes in user input, and some of that input later gets sent to the frontend. If the user data contains any HTML like <script> tags, I want to throw a Bad Request 400 response straight away.

A solution I can think of for doing this is to get the request converted to the MyRequest type in Haskell, and run a check on all the fields of MyRequest which contain user data. But in this case, I would have to manually mention all the fields of the MyRequest type and invoke my check function on all of them individually. MyRequest can also have nested types, and that would add additional complexity.

So I am wondering if there is any support at the Servant level to handle this. How do you prevent XSS attacks when using Servant Framework?

Upvotes: 0

Views: 51
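
The per-field check described in the question can be written once over any request type with `Data.Data` from `base`, so nested types need no extra code. This is an added example, not part of the original post and not a Servant feature; the `MyRequest` and `Address` shapes, the use of `String` fields, and the "any angle bracket is markup" policy are assumptions.

```haskell
{-# LANGUAGE DeriveDataTypeable #-}
module Main (main) where

import Data.Data (Data, cast, gmapQ)

-- Hypothetical request types standing in for the question's MyRequest.
data Address = Address { street :: String, city :: String }
  deriving (Show, Data)

data MyRequest = MyRequest
  { userName :: String
  , age      :: Int
  , nickname :: Maybe String
  , tags     :: [String]
  , address  :: Address
  } deriving (Show, Data)

-- Collect every String reachable from a value, at any nesting depth.
-- A value that is itself a String is returned as-is; anything else is
-- searched through its immediate children.
stringsIn :: Data a => a -> [String]
stringsIn x = case cast x of
  Just s  -> [s :: String]
  Nothing -> concat (gmapQ stringsIn x)

-- Assumed policy: any angle bracket counts as markup.
hasMarkup :: String -> Bool
hasMarkup = any (`elem` "<>")

-- Left carries the first offending value. In a Servant handler the Left
-- case would become `throwError err400`.
validate :: Data a => a -> Either String a
validate req = case filter hasMarkup (stringsIn req) of
  (bad : _) -> Left bad
  []        -> Right req

main :: IO ()
main = do
  -- Constructed sample requests.
  let ok  = MyRequest "alice" 30 Nothing ["a", "b"] (Address "1 Main St" "Pune")
      bad = ok { address = Address "<script>x</script>" "Pune" }
  print (fmap userName (validate ok))
  print (fmap userName (validate bad))
```

Rejecting on input this way complements, and does not replace, escaping the value at the point where the frontend renders it.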

Answers (0)
