Secure XSS Demo

Safe Input Demonstration



Why Is This Secure?

This version rejects any input that matches a list of known malicious patterns (a blocklist) before the input is rendered, so a matching payload is never written into the page. A blocklist catches only the patterns it names and does not encode the output; treat it as one defensive layer being demonstrated, not as a complete XSS defence.

🚫 Blocked Payload Examples (each matches one of the patterns in the code below):

    <script>alert(1)</script>
    <img src=x onerror="alert(1)">
    <a href="javascript:alert(1)">click</a>
    <iframe src="https://example.com"></iframe>
    <div style="color:red">text</div>

🧠 Key Security Code:

    function sanitizeXSS(payload) {
      // Blocklist of patterns to reject. Despite the name this is a detector,
      // not a sanitizer: it returns true when the input should be rejected and
      // never modifies or encodes the input.
      var patterns = [
        /<script.*?>.*?<\/script>/gi,        // <script>...</script>; no s flag, so . stops at a newline
        /<img.*?onerror=["'].*?["'].*?>/gi,   // <img ... onerror="..."> with a quoted handler only
        /javascript:/gi,                       // javascript: URLs
        /expression\((.*?)\)/gi,               // legacy IE CSS expression()
        /url\((.*?)\)/gi,                      // CSS url(); also matches innocent text such as curl(1)
        /style=.*?/gi,                         // the lazy .*? matches nothing, so this is effectively /style=/gi
        /<iframe.*?>/gi                        // <iframe ...>
      ];
      // The regex literals are re-created on every call, so the g flag's
      // lastIndex state does not leak between calls.
      return patterns.some(pattern => pattern.test(payload));
    }

If sanitizeXSS() returns true, the payload is rejected and never inserted into the page. Two limits follow directly from the code above. First, the function only detects; it returns a boolean and does not encode or rewrite the input, so any payload that avoids the seven patterns is passed through untouched (for example an event handler without quotes such as <img src=x onerror=alert(1)>, a <script> block split across lines, or an element the list never mentions such as <svg onload=alert(1)>). Second, it produces false positives, since innocent text containing "url(" or "javascript:" is rejected. It therefore does not protect against all forms of reflected, stored, and DOM-based XSS. The defence that does cover all three is context-aware output encoding of untrusted data (escaping &, <, >, and quotes for the HTML context it lands in), or writing it to the DOM with textContent rather than innerHTML; a blocklist like this one is at most a secondary signal on top of that.
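To make the contrast concrete, here is an added example that is not part of the demo's own code. It copies the page's seven patterns into a blocklist check, runs a few constructed inputs through it to show what is caught, what slips past, and what is wrongly rejected, and places beside it the output-encoding function (escapeHtml, renderSafely, both names chosen here) that neutralises every one of those inputs regardless of pattern. In a browser the DOM equivalent of escapeHtml is assigning element.textContent instead of element.innerHTML.

```javascript
// Added example (not the demo's own code): the demo's blocklist beside the
// defence that actually stops XSS, context-aware output encoding.

// The seven patterns exactly as shown on the page, so the comparison is fair.
const BLOCKLIST = [
  /<script.*?>.*?<\/script>/gi,
  /<img.*?onerror=["'].*?["'].*?>/gi,
  /javascript:/gi,
  /expression\((.*?)\)/gi,
  /url\((.*?)\)/gi,
  /style=.*?/gi,
  /<iframe.*?>/gi,
];

// Same decision as the page's sanitizeXSS(): true means "reject the input".
// The g flag makes test() stateful via lastIndex; because these regex objects
// are shared across calls here, reset lastIndex before each test().
function isBlockedByBlocklist(input) {
  return BLOCKLIST.some((re) => {
    re.lastIndex = 0;
    return re.test(input);
  });
}

// Allowlist-style defence: encode every character that has meaning in an HTML
// text node or quoted attribute. The browser then renders the input as text,
// so no tag or handler inside it can execute, whatever pattern it uses.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Renders one untrusted value into both a quoted attribute and a text node.
function renderSafely(input) {
  const safe = escapeHtml(input);
  return `<p title="${safe}">${safe}</p>`;
}

// Constructed sample inputs: one the blocklist catches, three that slip past
// it, and an innocent string it wrongly rejects.
const SAMPLES = [
  '<script>alert(1)</script>',        // blocked by pattern 1
  '<script>\nalert(1)\n</script>',    // passes: . does not match newline without the s flag
  '<img src=x onerror=alert(1)>',     // passes: handler is not quoted
  '<svg onload=alert(1)>',            // passes: element the list never mentions
  'see the curl(1) manual',           // rejected: false positive via /url\(/
];

// Returns, for each sample, the blocklist verdict and the encoded rendering.
function runComparison() {
  return SAMPLES.map((s) => ({
    input: s,
    blocked: isBlockedByBlocklist(s),
    rendered: renderSafely(s),
  }));
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const row of runComparison()) console.log(row);
}
```

Running it prints five rows: only the first sample and the innocent curl(1) string are blocked, while every rendered column contains the input as inert text (the three bypasses appear as &lt;img ..., &lt;svg ... and so on), which is the point: the encoder does not need to know the payload in advance.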