Function: containsXSSPatterns()

containsXSSPatterns(input): ThreatFinding[]
Defined in: validators.ts:220

Detect XSS-style payloads (script tags, event handlers, dangerous URI schemes, prototype pollution, …) in a UTF-8 input. Inputs longer than 100 000 characters are truncated before scanning to bound regex evaluation cost and prevent ReDoS on crafted payloads. Returns at most one finding — the regex catalog is exhaustive enough that the first hit is sufficient for a reject-or-sanitize decision.

Parameters

input

string

String to scan.

Returns

ThreatFinding[]

Empty array when nothing matches, or a single ThreatFinding of type "xss".

Example

containsXSSPatterns(`<img src=x onerror="alert(1)">`);
// → [{ type: "xss", description: "...", matchedPattern: "onerror=" }]
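
Because scanning stops at the truncation length, an empty result for a longer input only describes its first 100 000 characters. The following is an added example, not code from this library: a caller-side guard that rejects oversize input before making the reject-or-sanitize decision. `scanStub`, `screenInput`, `Decision` and `SCAN_LIMIT` are hypothetical names, and the stub's three patterns are constructed stand-ins for the real catalog.

```typescript
// Added example. ThreatFinding's fields come from the documented sample output;
// every other name in this block is hypothetical.
interface ThreatFinding { type: string; description: string; matchedPattern: string }
interface Decision {
  action: "accept" | "reject";
  reason?: "oversize" | "xss";
  finding?: ThreatFinding;
}
type Scanner = (input: string) => ThreatFinding[];

// Documented truncation length. Assumption: counted like String.length
// (UTF-16 code units).
const SCAN_LIMIT = 100000;

// Stand-in for containsXSSPatterns() so the block runs offline. It follows the
// documented contract (truncate first, return at most one finding) using a
// small constructed pattern list, not the library's catalog.
const scanStub: Scanner = (input) => {
  const head = input.slice(0, SCAN_LIMIT);
  const patterns: RegExp[] = [/<script\b/i, /\bon[a-z]+\s*=/i, /javascript:/i];
  for (const re of patterns) {
    const m = re.exec(head);
    if (m) {
      return [{ type: "xss", description: "constructed pattern " + re.source, matchedPattern: m[0] }];
    }
  }
  return [];
};

// Input longer than the scan window is rejected outright: an empty result
// would say nothing about the characters that were never scanned.
function screenInput(input: string, scan: Scanner = scanStub): Decision {
  if (input.length > SCAN_LIMIT) return { action: "reject", reason: "oversize" };
  const findings = scan(input);
  if (findings.length > 0) return { action: "reject", reason: "xss", finding: findings[0] };
  return { action: "accept" };
}
```

In an application, pass the library's `containsXSSPatterns` as the `scan` argument in place of the stub.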