Farhad Keywan

Problem in Javascript Code

Hi,

 

I am going to launch an app on AppExchange which contains JavaScript code, and I want to protect it from XSS attacks. In my code I am getting a list of Strings from an Apex class and inserting it into a JavaScript array, and I am also hardcoding some values like 'My Local' etc. Some lines of this script are given below.

 

<script type="text/javascript">

STATE = new Array();
CODE = new Array();
STATE[0] = "ALABAMA";
CODE[0] = "AL";

carray = new Array();
Keywordarray = new Array();
carray.push('My Local ');
var ci = geoip_city() + ', ' + geoip_region() + ' ';
carray.push(ci);
carray.push('All US ');
</script>
<apex:repeat value="{!KeywordList}" var="req">
<script type="text/javascript">
Keywordarray.push('{!req}');
</script>
</apex:repeat>

 

So what should I do to protect it from XSS attacks?

I have gone through some links: 

https://www.owasp.org/index.php/XSS

https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet

http://wiki.developerforce.com/images/9/9b/XSS_Protection_S-controls.pdf

 

but could not understand them. Please help.

 

Thanks,

Soni
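
An added example, not part of the original post: in the script above, `{!req}` is server-supplied text merged inside a single-quoted JavaScript string, so it needs JavaScript-string encoding, which in Visualforce is written `Keywordarray.push('{!JSENCODE(req)}');`. The JavaScript below models that merge with constructed keyword values to show what the raw and encoded forms do; `jsEncode`, `renderPush`, `runRendered` and `marker` are hypothetical names, and `jsEncode` only approximates an encoder like `JSENCODE`.

```javascript
// Added example. jsEncode() is a hypothetical stand-in for a JavaScript-string
// encoder such as Visualforce's JSENCODE(); it is not Salesforce's implementation.
// Everything outside a small allowlist becomes \xHH or \uHHHH, so the value
// cannot close the quote, end the statement, or spell "</script>".
function jsEncode(value) {
  return Array.from(String(value), (ch) => {
    if (/[A-Za-z0-9 ,._-]/.test(ch)) return ch;
    const cp = ch.codePointAt(0);
    if (cp < 0x100) return '\\x' + cp.toString(16).padStart(2, '0');
    // Escape each UTF-16 code unit (two units for characters above U+FFFF).
    return ch.split('').map((u) =>
      '\\u' + u.charCodeAt(0).toString(16).padStart(4, '0')).join('');
  }).join('');
}

// Models the server merging one KeywordList item into the script text.
function renderPush(keyword, encode) {
  return "Keywordarray.push('" + (encode ? jsEncode(keyword) : keyword) + "');";
}

// Executes the rendered statement against a fresh array. marker() is a
// harmless stand-in that records whether any extra statement ran.
function runRendered(scriptText) {
  const Keywordarray = [];
  const extraCalls = [];
  try {
    new Function('Keywordarray', 'marker', scriptText)(
      Keywordarray, (msg) => extraCalls.push(msg));
    return { Keywordarray, extraCalls, error: null };
  } catch (e) {
    return { Keywordarray, extraCalls, error: e.name };
  }
}

// Constructed sample values, not data from the original post.
const samples = ["shoes", "O'Brien shoes", "x'); marker('injected'); ('"];
for (const kw of samples) {
  const raw = runRendered(renderPush(kw, false));
  const enc = runRendered(renderPush(kw, true));
  console.log(JSON.stringify({ kw, raw, enc }));
}
```

With the raw merge, an ordinary apostrophe breaks the page with a syntax error and the third value runs an extra statement; with encoding, each value arrives in `Keywordarray` exactly as stored.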