breach-helper
v0.1.0
Published
Random length HTML comments to mitigate BREACH attacks
Downloads
9
Readme
BREACH helper for Node
One way to protect yourself against the BREACH attack is to add random-length comments to your HTML. This little module helps with that!
It's inspired by breach-mitigation-rails.
Usage with Express
After installing with npm install breach-helper
, add this to your app code:
app.locals.breachHelper = require('breach-helper');
Now, the function breachHelper
will be available to all your views.
To use it with Jade, put this somewhere in your HTML:
!= breachHelper()
To use it with EJS, put this somewhere in your HTML:
<%- breachHelper() %>
Usage with Hapi
After installing with npm install breach-helper
, add the breachHelper
property when you render things:
var breachHelper = require('breach-helper');
// ...
server.route({
method: 'GET', path: '/',
handler: function(req, reply) {
reply.view('index', {
breachHelper: breachHelper
});
}
});
To use it with Jade, put this somewhere in your HTML:
!= breachHelper()
To use it with EJS, put this somewhere in your HTML:
<%- breachHelper() %>
Usage elsewhere
This module just exports one function. That function returns a string that's a variable-length HTML comment. If you want to use this in another context, you can use that function!
var breachHelper = require('breach-helper');
breachHelper(); // "<!--ABCD420...-->"
breachHelper(); // "<!--69XYZZY...-->"
Enjoy.