Question

So I'm developing a socket.io real-time web app. The first concern of mine was "What if some evil-minded user tries to inject some code via Dev Tools or Firebug?" and I've got my answer here on SO. My next concern is: "What if some evil-minded user tries to inject some code via chat and/or other form of string inputs?" and I've come to the conclusion that I can't figure this out by myself. I know that I can use regex to find if the user is trying to inject code, but once the code is sent to the server and stored in a string it is executed. (ex: var data = " *asd "; while(1);* "; [ where the user-sent string is the one between * ] ). So my question is: How can I prevent this? In other words, how do I sanitize the user input?


Solution

You can encode the user input using encodeURIComponent(userstring);

Example:

var userData = encodeURIComponent('asd "; while(1);'); // the user-sent string; the quote and semicolons come back percent-encoded
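As an added example (not code from the question or the answer), the following Node.js snippet puts the answer's encodeURIComponent step next to the two things a practitioner usually wants alongside it on a socket.io chat server: a validation step that rejects non-string or oversized payloads, and an HTML-escaping step for the case where the message is rendered into a page (encodeURIComponent is URL encoding, which is the right transformation for a URL component; for text inserted into HTML the matching transformation is HTML escaping). The function names, the constructed sample input, and the omission of the socket.io wiring are all assumptions of this example.

```javascript
// Added example: sanitising chat messages on the server before broadcast.
// The socket.io handler itself is assumed to exist elsewhere and is not shown.

// Constructed sample input: the user-sent string from the question.
const SAMPLE_INPUT = 'asd "; while(1);';

// 1. URL-encode, as the answer suggests. encodeURIComponent leaves
//    A-Z a-z 0-9 - _ . ! ~ * ' ( ) alone and turns every other character
//    into a %XX escape, so quotes and semicolons cannot survive verbatim.
function urlEncodeMessage(text) {
  return encodeURIComponent(text);
}

// 2. HTML-escape: the transformation needed when the message will be
//    inserted into a page as HTML (e.g. via innerHTML). Replaces the five
//    characters that can start markup or break out of an attribute value.
const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// 3. Validate the raw payload first: a socket client can send any JSON
//    value, so check the type and bound the length before doing anything else.
function validateChatMessage(payload, maxLength = 500) {
  if (typeof payload !== 'string') return { ok: false, reason: 'not a string' };
  const trimmed = payload.trim();
  if (trimmed.length === 0) return { ok: false, reason: 'empty' };
  if (trimmed.length > maxLength) return { ok: false, reason: 'too long' };
  return { ok: true, value: trimmed };
}

// 4. A string held in a variable or array is data, not code: nothing here
//    parses or executes `text`. It only becomes code if something later
//    evaluates it (eval, new Function) or renders it unescaped into HTML.
function storeMessage(store, text) {
  store.push(text);
  return store.length;
}

// Typical server-side flow: validate, then produce both the raw text (for
// clients that render with textContent) and an HTML-escaped form.
function prepareForBroadcast(payload) {
  const v = validateChatMessage(payload);
  if (!v.ok) return null;
  return { raw: v.value, html: escapeHtml(v.value) };
}

// Stand-alone demonstration when run directly with `node file.js`.
if (typeof require !== 'undefined' && require.main === module) {
  console.log(urlEncodeMessage(SAMPLE_INPUT));
  console.log(escapeHtml('<script>alert(1)</script>'));
  console.log(prepareForBroadcast(SAMPLE_INPUT));
  console.log(prepareForBroadcast({ not: 'a string' }));
}
```

On the client, rendering `raw` with `textContent` (or `html` with `innerHTML`) keeps the message as inert text; the validation step runs on the server because the client-side checks from the question's first concern can be bypassed with dev tools.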
Licensed under: CC-BY-SA with attribution