Create a gist now

Instantly share code, notes, and snippets.

Auto XSS atack protector
package main
import (
"html/template"
"net/http"
)
//AntiXSS is main struct on auto AntiXss Handler
type AntiXSS struct {
http.Handler
}
//New made new auto AntiXSS handler
func NewAntiXSS(handler http.Handler) http.Handler {
return &AntiXSS{handler}
}
func (h *AntiXSS) ServeHTTP(w http.ResponseWriter, r *http.Request) {
if r.Method == "POST" {
r.ParseForm()
for i := range r.Form {
for j := range r.Form[i] {
r.Form[i][j] = template.JSEscapeString(r.Form[i][j])
r.Form[i][j] = template.HTMLEscapeString(r.Form[i][j])
}
}
}
h.Handler.ServeHTTP(w, r)
}
func main() {
mux := http.DefaultServeMux
mux.HandleFunc("/", indexHandler)
server := &http.Server{
Addr: fmt.Sprintf(":%s", 8080),
Handler: NewAntiXSS(mux),
}
server.ListenAndServe()
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment