FreeBSD Manual Pages

JavaScript::Value::Escape(3)  User Contributed Perl Documentation  JavaScript::Value::Escape(3)

NAME
       JavaScript::Value::Escape - Avoid XSS with JavaScript value
       interpolation

SYNOPSIS
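         use JavaScript::Value::Escape;
         use Text::Xslate::Util;    # provides escape_html(), used below

         # Escape a value for use inside a JavaScript string literal
         my $escaped = javascript_value_escape(q!&foo"bar'</script>!);
         # $escaped is "\u0026foo\u0022bar\u0027\u003c\/script\u003e"

         # HTML-escape first, then JavaScript-escape, for a value that the
         # script passes to document.write()
         my $html_escaped = javascript_value_escape(Text::Xslate::Util::escape_html(q!&foo"bar'</script>!));

         print <<EOF;
         <script>
         var param = '$escaped';
         alert(param);

         document.write('$html_escaped');

         </script>
         EOF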

DESCRIPTION
       Many XSS vulnerabilities, a class of security hole typically found in
       web applications, are caused by incorrect or missing JavaScript
       escaping. This module aims to provide secure JavaScript escaping to
       avoid XSS when values are interpolated into JavaScript.

       The escaping routine that JavaScript::Value::Escape provides escapes
       q!"!, q!'!, q!&!, q!=!, q!-!, q!+!, q!;!, q!<!, q!>!, q!/!, q!\! and
       control characters to JavaScript Unicode escapes like "\u0026".
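
       The following is an added JavaScript illustration of the escaping
       described above, not the module's own Perl code. It reproduces the
       SYNOPSIS output (including "/" emitted as "\/"), assumes "control
       characters" means U+0000 to U+001F plus U+007F, and uses the
       hypothetical names escapeJsValue, decodeAsJsLiteral and isInert.

```javascript
// Added illustration; NOT the source of JavaScript::Value::Escape.
// Character set taken from the DESCRIPTION; "/" is emitted as "\/" to match
// the SYNOPSIS output. Assumption: "control characters" means U+0000-U+001F
// and U+007F.
const LISTED = new Set(['"', "'", '&', '=', '-', '+', ';', '<', '>', '\\']);

function escapeJsValue(text) {
  let out = '';
  for (const ch of text) {
    const cp = ch.codePointAt(0);
    if (ch === '/') {
      out += '\\/';
    } else if (LISTED.has(ch) || cp <= 0x1f || cp === 0x7f) {
      out += '\\u' + cp.toString(16).padStart(4, '0');
    } else {
      out += ch;
    }
  }
  return out;
}

// Evaluate the escaped text the way a browser's script engine would: as the
// body of a single-quoted string literal.
function decodeAsJsLiteral(escaped) {
  return new Function("return '" + escaped + "';")();
}

// True when nothing in the text can close the string literal, close the
// <script> element, or start an HTML entity or comment: none of the listed
// characters remain, and every "/" is preceded by a backslash.
function isInert(text) {
  return !/["'&=\-+;<>\x00-\x1f\x7f]/.test(text) && !/(^|[^\\])\//.test(text);
}

// Constructed input, identical to the one used in the SYNOPSIS.
const hostile = `&foo"bar'</script>`;
const escaped = escapeJsValue(hostile);
console.log(escaped);                                // escaped form
console.log(isInert(escaped));                       // safe to embed
console.log(decodeAsJsLiteral(escaped) === hostile); // value survives intact
```

       The escaped text is inert to the HTML parser, while the JavaScript
       parser decodes it back to the original value.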

EXPORT FUNCTION
       javascript_value_escape($value :Str) :Str
           Escape a string. The argument of this function must be a text
           string (a.k.a. UTF-8 flagged string, Perl's internal form).

           This is exported by default.

       js($value :Str) :Str
           Alias to "javascript_value_escape()" for convenience.

           This is exported on request.

AUTHOR
       Masahiro Nagano <kazeburo {at} gmail.com>

THANKS TO
       Fuji, Goro (gfx)

SEE ALSO
       <http://subtech.g.hatena.ne.jp/mala/20100222/1266843093> - About XSS
       caused by buggy JavaScript escaping for HTML script sections (Japanese)

       <http://blog.nomadscafe.jp/2010/11/htmlscript.html> - Wrote a module
       (JavaScript::Value::Escape) to escape data for HTML script sections
       (Japanese)

       <https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet>
       - Preventing XSS (Cross Site Scripting) (English)

       RFC4627 - The application/json Media Type for JSON

LICENSE
       This library is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

perl v5.32.1			  2021-11-04	  JavaScript::Value::Escape(3)
