node-procexss

Middleware to help to prevent xss attacks in your Express/Connect apps

by O(ʒ)

Version: 0.1.2 | License: MIT | TypeScript: Not Found | Categories: Express XSS, Express XSS Sanitizer
Readme

node-procexss


Middleware to help to prevent XSS attacks in your Express/Connect apps

Install

$ npm install node-procexss

API

var procexss = require('node-procexss')

procexss(options)

This middleware sanitizes req.body and/or req.query and sets a req.dirty flag so that later handlers can tell whether an XSS pattern was found and removed.

Options

  • pattern String - Optional. A regex used to detect XSS. Defaults to the embedded pattern.
  • whiteList Array[String] - Optional. List of URLs that are not sanitized. Defaults to [].
  • sanitizeBody Boolean - Optional. Whether req.body is sanitized. Defaults to true.
  • sanitizeQuery Boolean - Optional. Whether req.query is sanitized. Defaults to true.
  • mode String - Optional. Selects the mode (sanitize | header). Defaults to sanitize.
      • sanitize: Inspects the request body and/or query and sanitizes them if XSS is found.
      • header: Adds an X-XSS-Protection header to the response.
  • header - Optional. Options for header mode (enabled, mode).
      • enabled Boolean - Optional. Whether the header is set (see header docs). Defaults to 1.
      • mode String - Optional. Mode to set on the header (see header docs). Defaults to block.

Example

Simple express example

The following is an example of some server-side code that shows basic setup.

var express = require('express')
var procexss = require('node-procexss')

var app = express()

//.. omitted for brevity

// Each app.use() below shows one configuration; register only the one you need.

// Default settings: mode `sanitize`, body and query both sanitized
var opts = {}
app.use(procexss(opts))

// Whitelist: requests to these URLs are not sanitized
app.use(procexss({
  whiteList: ['/dashboard']
}))

// Mode `header` with default header settings
app.use(procexss({
  mode: 'header'
}))

// Mode `header` with a custom header mode
app.use(procexss({
  mode: 'header',
  header: {
    enabled: 1,
    mode: 'foo'
  }
}))
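To show how the documented option contract (pattern, whiteList, sanitizeBody, sanitizeQuery, mode, header, req.dirty) behaves end to end without a running server, here is an added stand-in middleware driven by constructed request objects. It is not node-procexss's source; the default pattern, matching whiteList entries against req.path, and writing the header as "1; mode=<mode>" are assumptions.

```javascript
// Added stand-in for the documented contract; NOT node-procexss's source. Assumptions: the
// default pattern below, whiteList matched against req.path, header "1; mode=<mode>" when enabled.
const DEFAULT_PATTERN = /<\s*script[^>]*>[\s\S]*?<\s*\/\s*script\s*>|javascript:|on\w+\s*=/gi;

function procexssLike(options = {}) {
  const opts = {
    pattern: options.pattern ? new RegExp(options.pattern, 'gi') : DEFAULT_PATTERN,
    whiteList: options.whiteList || [],
    sanitizeBody: options.sanitizeBody !== false,
    sanitizeQuery: options.sanitizeQuery !== false,
    mode: options.mode || 'sanitize',
    header: Object.assign({ enabled: 1, mode: 'block' }, options.header),
  };
  // Strip pattern matches from every string leaf; report whether anything changed.
  function scrub(value) {
    if (typeof value === 'string') {
      const clean = value.replace(opts.pattern, '');
      return { value: clean, dirty: clean !== value };
    }
    if (value && typeof value === 'object') {
      let dirty = false;
      for (const key of Object.keys(value)) {
        const r = scrub(value[key]);
        value[key] = r.value;
        dirty = dirty || r.dirty;
      }
      return { value, dirty };
    }
    return { value, dirty: false };
  }
  return function (req, res, next) {
    req.dirty = false;
    if (opts.whiteList.includes(req.path)) return next(); // whitelisted URL: untouched
    if (opts.mode === 'header') {
      if (opts.header.enabled) res.setHeader('X-XSS-Protection', '1; mode=' + opts.header.mode);
      return next();
    }
    if (opts.sanitizeBody && req.body) req.dirty = scrub(req.body).dirty || req.dirty;
    if (opts.sanitizeQuery && req.query) req.dirty = scrub(req.query).dirty || req.dirty;
    return next();
  };
}

// Drive a middleware with a constructed request object; no HTTP server needed.
function runMock(middleware, req) {
  const headers = {};
  const res = { setHeader: (name, value) => { headers[name] = value; } };
  middleware(req, res, () => {});
  return { req, headers };
}
```

A blocklist regex is a coarse, bypassable filter and current browsers ignore X-XSS-Protection (Chromium removed its auditor; Firefox never had one), so treat output encoding plus a Content-Security-Policy as the primary XSS defence.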

License

MIT