Defend-pg-js NPM

defend-pg-js - For Defence against Cross Site Scripting and Postgresql SQL Injection

defend-pg-js prevents XSS injection attacks and SQL injection attacks in postgresql

Example

Let's say you have a <form> element and you are sending some data to backend

<form action="/backend">
  <label for="n"> Name </label>
  <input id="n" type="text" required />

  <label for="p">Email</label>
  <input id="p" type="password" />

  <input id="submit-btn" type="submit" value="Log in" />
</form>

you can pass the values of these inputs from frontend to backend

frontend

import * as axios from 'axios';

let name = document.querySelector('#n');
let pass = document.querySelector('#p');
let submitBtn = document.querySelector('#submit-btn');

submitBtn.addEventListener('click', async function (e) {
  try {
    let response = await axios.post('SOME END POINT', {
      name: name.value,
      password: pass.value,
    });
  } catch (error) {
    console.log(error);
  }
});

// TO DO: update values of name, pass using 'change' event listener

backend (express js)

const inputsAreClean = require('./defendor.js');

function Login(req,res) {
    const {name,password} = req.body;
    if(name && password) {

    // check inputs are not malicious
    if(inputsAreClean([name,password])) {
        // do something
        ...
        ...
    }
}

sanitization xss sql injection postgresql sql sanitize crosssitescripting

1.0.0

2 years ago