I am using dvwright/xss-mw middleware in Go to detect xss. This middleware auto remove xss from user submitted input, And request continue with valid response. I want to detect xss and if there is any xss script then through a error instead of simply removing xss.
My code is here.
package main
import (
"github.com/dvwright/xss-mw"
"github.com/gin-gonic/gin"
"net/http"
)
func main() {
r := gin.Default()
// include as standard middleware
var xssMdlwr xss.XssMw
r.Use(xssMdlwr.RemoveXss())
r.GET("/ping", func(c *gin.Context) {
c.JSON(200, gin.H{
"message": "pong",
})
})
type Login struct {
User string `form:"user" json:"user" binding:"required"`
Password string `form:"password" json:"password" binding:"required"`
}
r.POST("/login", func(c *gin.Context) {
var json Login
if c.BindJSON(&json) == nil {
if json.User == "manu" && json.Password == "123" {
c.JSON(http.StatusOK, gin.H{"status": "you are logged in"})
} else {
c.JSON(http.StatusUnauthorized, gin.H{"status": "unauthorized"})
}
}
})
r.Run() // listen and serve on 0.0.0.0:8080
}
Please help me out.