node-procexss
v0.1.2
Published
Middleware to help to prevent xss attacks in your Express/Connect apps
Downloads
1,506
Readme
node-procexss
![Coverage Status](https://img.shields.io/coveralls/ziyasal/node-procexss.svg)
Middleware to help to prevent XSS attacks in your Express/Connect apps
Install
$ npm install node-procexss
API
var procexss = require('node-procexss')
procexss(options)
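This middleware sanitizes req.body or req.query and adds a req.dirty
flag to identify such requests. Pattern-based input filtering complements, but does not replace, context-aware output encoding in the views that render the data.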
Options
pattern
String - Optional. A regex used to check for XSS. Defaults to the pattern embedded in the module.
whiteList
Array[String] - Optional. List of URLs that the middleware ignores. Defaults to []
sanitizeBody
Boolean - Optional. Whether sanitizing of req.body is enabled or not. Defaults to true
sanitizeQuery
Boolean - Optional. Whether sanitizing of req.query is enabled or not. Defaults to true
mode
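String - Optional. A flag to choose the mode (sanitize | header).
sanitize: Works on the request body or query and sanitizes it if XSS exists.
header: Adds the X-XSS-Protection header to the response. Most current browsers no longer implement the filter this header controls, so header mode should not be the only defence in place.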
header
Options for header mode (enabled, mode)
enabled
Boolean - Optional. Whether the header is enabled or not (see header docs). Defaults to 1.
mode
String - Optional. Mode to set on the header (see header docs). Defaults to block. (The top-level mode option defaults to sanitize.)
Example
Simple express example
The following is an example of some server-side code that shows basic setup.
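// Basic Express setup showing where procexss sits in the middleware chain.
// The original listing used `url`, `bodyParser` and `opts` without defining
// them; they are declared here so the example runs as written.
var url = require('url')
var express = require('express')
var bodyParser = require('body-parser')
var procexss = require('node-procexss')

var app = express()

// Options for the first procexss() call below. Every documented option is
// optional, so an empty object leaves the defaults in place.
var opts = {}

// Parse the query string into req.query so the middleware has something to
// inspect when query sanitizing is enabled.
app.use(function (req, res, next) {
  req.query = url.parse(req.url, true).query
  next()
})

// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({
  extended: false
}))

// parse application/json
app.use(bodyParser.json())

// procexss is registered after the parsers: it works on req.body and
// req.query, which only exist once the middleware above has run.
// The calls below illustrate alternative configurations; an application
// would normally register only the one(s) it needs.
app.use(procexss(opts))

// Whitelist: the listed URLs are ignored by the middleware, so input sent to
// them is not sanitized here and must be handled by the route itself.
app.use(procexss({
  whiteList: ['/dashboard']
}))

// Mode `header` default settings
app.use(procexss({
  mode: 'header'
}))

// Mode `header` with custom mode ('foo' is a placeholder value; the
// documented default is block)
app.use(procexss({
  mode: 'header',
  header: {
    enabled: 1,
    mode: 'foo'
  }
}))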