Security at NowJS

I found NowJS and at first glance it looked very cool. I played with textbooks and it worked well.

Now I ask myself: is it safe? Is it not possible to implement XSS? A security issue is the biggest obstacle to using it in my applications.

Should I keep using socket.io as I was, or is NowJS a good way to make it more secure?

+4
3 answers

Take a look at this blog post from now.js:

http://blog.nowjs.com/nowjs-and-security

You can sanitize the input through a server-side function on the client side. Since they do not transfer function bodies, you are quite safe from injections.

+4

XSS is something you need to protect yourself against: you need to check the incoming data and escape it before inserting it into the document. However, a big problem would be a bug in nowjs that allows code execution or a DoS on the server.

+1

Using the validator module, you can sanitize the sent message:

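    // chained sanitize() API from early releases of the validator module
    var sanitize = require('validator').sanitize;

    everyone.now.distributeMessage = function (message) {
      // filter the untrusted message before broadcasting it to every client
      var str = sanitize(message).xss();
      everyone.now.receiveMessage(str);
    };
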
+1
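
A variant of the handler in the last answer that needs no external module, as an added example (not code from the thread or from NowJS): it rejects non-string and oversized input and HTML-encodes the rest before broadcasting. The `everyone` object is a constructed stand-in for the NowJS group, and `MAX_LEN`, `escapeHtml` and `cleanMessage` are hypothetical names.

```javascript
// Added example: validate and output-encode chat messages on the server.
// `everyone` is a constructed stub for the NowJS group object so the
// snippet runs without the nowjs package installed.

const MAX_LEN = 500; // assumed upper bound for one chat message

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

// Encode every character that can open a tag, an attribute value or an entity.
function escapeHtml(text) {
  return text.replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Returns an encoded string, or null when the input must be dropped.
function cleanMessage(message) {
  if (typeof message !== 'string') return null; // a client can send any type
  const trimmed = message.trim();
  if (trimmed.length === 0 || trimmed.length > MAX_LEN) return null;
  return escapeHtml(trimmed);
}

// Constructed stub: records what would be pushed to the connected clients.
const delivered = [];
const everyone = { now: { receiveMessage: (str) => delivered.push(str) } };

everyone.now.distributeMessage = function (message) {
  const safe = cleanMessage(message);
  if (safe === null) return false; // reject instead of broadcasting
  everyone.now.receiveMessage(safe);
  return true;
};

// Constructed sample inputs
everyone.now.distributeMessage('hello <b>world</b>');
everyone.now.distributeMessage({ toString: () => '<b>' }); // not a string: dropped
console.log(delivered);
```

The encoded string is meant for clients that insert the message as HTML; a client that writes it with `textContent` should receive the validated but unencoded text instead, otherwise users see the entities literally.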

Source: https://habr.com/ru/post/1382289/

