Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /**
- * method to test string for XSS
- * @name PXHLR.preventXSS
- * @type Function
- * @member PXHLR
- * @returns String that doesn't allow XSS Cross Site Scripting attack
- */
- PXHLR.preventXSS = function (str) {
- var paramStr = str;
- paramStr = paramStr.replace(/[<>]/g, '').replace(/</g, "<").replace(/>/g, ">");
- paramStr = paramStr.replace(/[\"\'][\s]*javascript:(.*)[\"\']/gi, "\"\"");
- paramStr = paramStr.replace(/script(.*)/gi, "");
- paramStr = paramStr.replace(/eval\((.*)\)/gi, "");
- return paramStr;
- };
- /**
- * method to get url params
- * @name PXHLR.getParam
- * @type Function
- * @member PXHLR
- * @requires PXHLR.preventXSS
- * @returns String as the value of the requested URL parameter
- */
- PXHLR.getParam = function(param) {
- var p = {
- vars : [],
- hashes : window.location.href.slice(window.location.href.indexOf('?') + 1).split('&'),
- i : 0
- };
- for(p.i; p.i < p.hashes.length; p.i++) {
- p.hash = p.hashes[p.i].split('=');
- p.vars.push(p.hash[0]);
- p.vars[p.hash[0]] = p.hash[1];
- }
- p.value = p.vars[param];
- if (!p.value) {
- return '';
- } else {
- return PXHLR.preventXSS(p.value);
- }
- };
- /* example use
- // set logging on with url param
- if (PXHLR.getParam('log') === '') {
- window.log = function() { return false; };
- }
- */
Add Comment
Please, Sign In to add comment
