This version tries to prevent XSS by matching the input against a denylist of known malicious patterns and rejecting any request that matches. The three payloads below are the kind of input it is built to catch:
<script>alert(document.cookie)</script>
<img src=x onerror="alert('XSS')">
<iframe src='evil.com'>
// Despite the name, this function does not sanitize anything: it only
// detects. It returns true when the payload matches a denylisted pattern
// and false otherwise; the caller is expected to block on true.
function sanitizeXSS(payload) {
  // No /g flag: RegExp#test with /g keeps state in lastIndex, so the same
  // pattern can give different answers on successive calls.
  const patterns = [
    /<script.*?>.*?<\/script>/i,          // inline script block
    /<img.*?onerror=["'].*?["'].*?>/i,    // img with a quoted onerror handler
    /javascript:/i,                       // javascript: URL scheme
    /expression\((.*?)\)/i,               // legacy IE CSS expression()
    /url\((.*?)\)/i,                      // CSS url()
    /style=/i,                            // any style attribute (the original /style=.*?/ matched exactly this)
    /<iframe.*?>/i                        // iframe tag
  ];
  return patterns.some(pattern => pattern.test(String(payload)));
}
If sanitizeXSS() finds a match, the request is blocked and the payload is never rendered. That is as far as the protection goes. A denylist only stops the patterns it names, and each of these regexes can be sidestepped without leaving the tag vocabulary above: the img rule requires a quote after onerror=, so an unquoted handler (<img src=x onerror=alert(1)>) passes; a tag and event pair the list never mentions (<svg onload=alert(1)>) passes; an HTML-entity-encoded scheme in an href (&#106;avascript:) passes because the literal string javascript: never appears, yet the browser decodes it before following the link; and a newline inside a <script> tag passes because . does not match a line break. The filter also cannot address DOM-based XSS at all: when client-side code writes location.hash or a similar source into innerHTML, the payload never reaches the server-side check. The reliable defence is to treat input as data and encode it on output for the context it lands in (HTML body, attribute value, URL, JavaScript string), to parse and allowlist any HTML that genuinely must be rendered (for example with a maintained sanitizer such as DOMPurify), to write untrusted values into safe DOM sinks such as textContent rather than innerHTML, and to back all of this with a Content Security Policy. A pattern check like the one above can serve as a detection signal, not as the control.
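The following is an added example, not code from the original page: it runs the page's own regex list against the three payloads the page lists and against four constructed payloads that execute in a browser but match none of the seven patterns, then shows output encoding neutralising all of them. The escapeHtml and renderGreeting helpers are illustrative names chosen here, and the payload strings are constructed for the demonstration.

```javascript
// Added example: a regex denylist beside the output-encoding defence.
// The detector below is the page's regex list with the stateful /g flag
// dropped (RegExp#test with /g advances lastIndex between calls, which
// makes repeated calls on one pattern return inconsistent results).
function sanitizeXSS(payload) {
  const patterns = [
    /<script.*?>.*?<\/script>/i,
    /<img.*?onerror=["'].*?["'].*?>/i,
    /javascript:/i,
    /expression\((.*?)\)/i,
    /url\((.*?)\)/i,
    /style=/i,
    /<iframe.*?>/i,
  ];
  return patterns.some((pattern) => pattern.test(String(payload)));
}

// Constructed payloads from the page: the denylist flags every one of them.
const CAUGHT = [
  '<script>alert(document.cookie)</script>',
  '<img src=x onerror="alert(\'XSS\')">',
  "<iframe src='evil.com'>",
];

// Constructed payloads that execute when reflected unescaped into an HTML
// document, yet match none of the seven patterns:
//  - unquoted attribute value: the img rule demands a quote after onerror=
//  - a tag/event pair (svg/onload) the list never mentions
//  - an entity-encoded scheme in href, which the browser decodes before use
//  - a newline inside the script tag: the dot in .*? does not match "\n"
const MISSED = [
  '<img src=x onerror=alert(1)>',
  '<svg onload=alert(1)>',
  '<a href="&#106;avascript:alert(1)">x</a>',
  '<script\n>alert(1)</script\n>',
];

// Output encoding for the HTML text and quoted-attribute contexts. Every
// character that can open a tag, close an attribute or start an entity is
// replaced, so no input, known or unknown, can form markup.
const HTML_ESCAPES = {
  '&': '&amp;',
  '<': '&lt;',
  '>': '&gt;',
  '"': '&quot;',
  "'": '&#x27;',
  '`': '&#x60;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Hypothetical server-side template that reflects an untrusted value into
// the page body. The value is encoded at the point of output, so the
// MISSED payloads render as visible text instead of executing.
function renderGreeting(name) {
  return `<p>Hello, <span class="user">${escapeHtml(name)}</span></p>`;
}

// Returns true when the rendered fragment contains no markup other than the
// template's own <p> and <span>, i.e. the untrusted part formed no tag.
function userPartIsInert(name) {
  const html = renderGreeting(name);
  const inner = html.slice('<p>Hello, <span class="user">'.length, -'</span></p>'.length);
  return !/[<>"'`]/.test(inner);
}

// Stand-alone run: which payloads the denylist sees, and that encoding
// renders all of them inert.
for (const p of [...CAUGHT, ...MISSED]) {
  console.log(JSON.stringify(p), 'denylist:', sanitizeXSS(p), 'inert after encoding:', userPartIsInert(p));
}
```

escapeHtml covers only the HTML body and quoted attribute contexts. A value placed inside a URL needs scheme allowlisting on top of encoding (the entity-encoded javascript: payload above is harmless as text but would still be live as an href), a value inside a script block needs JavaScript string encoding, and HTML that must be rendered as markup needs a parsing sanitizer rather than any of these encoders.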