@turbo-tools/x-xss

Pluggable X-XSS-Protection header functionality for turbo-http based servers

Getting Started

const xxss = require('@turbo-tools/x-xss')

xXssProtection(response, reportUri='')

Does set the X-XSS-Protection header. A report uri can be set to that gets called on violations.

For more information on the X-XSS-Protection header and report formats, please consult the MDN page

Example

const xxss = require('@turbo-tools/x-xss')
xxss(response)

With turbo-http server

const http = require('turbo-http')
const xxss = require('@turbo-tools/x-xss')

// Create server
const server = http.createServer(function (req, res) {
  const text = 'X-XSS protection set'
  xxss(response, 'https://my-domain.org/xss-report')
  res.statusCode = 200
  res.setHeader('Content-Length', text.length)
  res.write(Buffer.from(text))
})

// Listen
server.listen(3000)

Installing

npm install @turbo-tools/x-xss --save

Running the tests

All tests are contained in the test.js file, and written using Jest

Run them:

npm test

If you´d like to get the coverage data in addition to runnign the tests, use:

npm run test-coverage

Built With

• NPM - Dependency Management
• Commitizen - Easy semantic commit messages
• Jest - Easy tests
• Semantic Release - Easy software releases

Contributing

Please read CONTRIBUTING.md for details on the process for submitting pull requests to us, and CODE_OF_CONDUCT.md for details on the code of conduct.

Versioning

We use SemVer for versioning. For the versions available, see the tags on this repository.

Authors

• Sebastian Golasch - Initial work - asciidisco

See also the list of contributors who participated in this project.

License

This project is licensed under the MIT License - see the LICENSE.md file for details

Acknowledgments

• Hat tip to @mafintosh for building turbo-net and turbo-http