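/**
 * HTML-encode a value so it can be interpolated into HTML text content or a
 * double- or single-quoted attribute value without changing markup structure.
 *
 * The five structurally significant characters (& < > " ') are replaced by
 * entities. Every `&` is encoded, including one that already begins an
 * entity: an encoder has to be a faithful function of its input, otherwise
 * the user text "&lt;" and an encoded "<" become indistinguishable, and
 * pre-encoded input is a classic way past a filter. The pasted version
 * skipped those with `/&(?!\w+;)/` and, as displayed, mapped each character
 * to itself (`.replace(/</g, '<')`) -- the entities were presumably eaten by
 * the paste site's HTML rendering -- so it escaped nothing at all.
 *
 * The output is NOT safe inside <script>, inline event handlers, URLs or CSS;
 * those contexts need their own encoder.
 *
 * @param {*} html - value to encode. Non-strings go through String(), so
 *   null/undefined become the text "null"/"undefined", as before.
 * @returns {string} the encoded text.
 */
var htmlEscape = function(html) {
  var entities = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;'   // &apos; is not an HTML4 entity; the numeric form works everywhere
  };
  // One pass with a lookup, so no replacement can feed a later replace().
  return String(html).replace(/[&<>"']/g, function(ch) {
    return entities[ch];
  });
};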
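/**
 * Recursively HTML-escape every string value inside `obj`, in place.
 *
 * Plain objects and arrays are walked; each string primitive or String
 * object is replaced by `htmlEscape(value)` (a String object therefore
 * becomes a primitive, as before); every other value (number, boolean,
 * null, undefined) is left untouched. Only own enumerable keys are visited,
 * and each object is entered at most once, so cyclic input terminates and
 * an object reachable by two paths is not encoded twice. A non-object
 * argument is returned unchanged.
 *
 * The debug logging of the pasted version (`console.dir(obj)` before and
 * after the walk) is gone: it wrote the whole request body -- which may
 * carry passwords or tokens -- to the console.
 *
 * NOTE(review): this encodes data on the way *in* (the example usage runs it
 * over req.query / req.body). Encoding at input time changes what gets
 * stored and breaks non-HTML consumers (JSON responses, lookups against
 * stored values); the conventional place to encode is the output sink, per
 * context (HTML text vs. attribute vs. JS vs. URL). Treat this as
 * defence-in-depth, not as the primary XSS control.
 *
 * @param {*} obj - value to sanitise; mutated in place when it is an object.
 * @returns {*} the same `obj` reference, so the call can be chained.
 */
var xssQQ = function(obj) {
  // Objects already walked; an object is visited once even if it is
  // reachable through several keys or refers back to an ancestor.
  var seen = [];

  var escapeValue = function(value) {
    if (value instanceof String || typeof value === "string") {
      return htmlEscape(value);
    }
    if (value instanceof Object) {  // arrays and plain objects alike; null is excluded
      return walk(value);
    }
    return value;
  };

  var walk = function(node) {
    if (seen.indexOf(node) !== -1) {
      return node;
    }
    seen.push(node);
    for (var key in node) {
      // Skip inherited keys: writing them would shadow prototype values
      // with escaped copies rather than sanitise the caller's data.
      if (Object.prototype.hasOwnProperty.call(node, key)) {
        node[key] = escapeValue(node[key]);
      }
    }
    return node;
  };

  if (!(obj instanceof Object) || obj instanceof String) {
    return obj;
  }
  return walk(obj);
};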
/*
 * Example usage: escape the parsed query string and the parsed request body
 * in place. xssQQ mutates its argument, so the return value is not needed.
 * NOTE(review): `req` is not defined in this file; this is meant to run where
 * a request object is in scope (a handler or middleware).
 */
[req.query, req.body].forEach(xssQQ);