node-procexss
Middleware to help to prevent XSS attacks in your Express/Connect apps
Install
$ npm install node-procexss
API
var procexss = require('node-procexss')
procexss(options)
This middleware sanitizes req.body or req.query and adds a req.dirty
flag to identify sanitized requests.
Options
pattern
String - Optional. A regex to check for XSS. Defaults to an embedded pattern.
whiteList
Array[String] - Optional. List of ignored urls. Defaults to []
sanitizeBody
Boolean - Optional. Whether req.body sanitization is enabled. Defaults to true
sanitizeQuery
Boolean - Optional. Whether req.query sanitization is enabled. Defaults to true
mode
String - Optional. A flag to choose mode (sanitize | header)
sanitize: Works on the request body or query and sanitizes it if XSS exists.
header: Adds the X-XSS-Protection header to the response.
header
Options for header mode (enabled, mode)
enabled
Boolean - Optional. If the header is enabled or not (see header docs). Defaults to 1.
mode
String - Optional. Mode to set on the header (see header docs). Defaults to block.
The mode option (sanitize | header) defaults to sanitize.
Example
Simple express example
The following is an example of some server-side code that shows basic setup.
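var express = require('express')
var procexss = require('node-procexss')
var app = express()

// parse application/x-www-form-urlencoded
app.use(express.urlencoded({ extended: false }))
// parse application/json
app.use(express.json())

// default settings (mode `sanitize`)
app.use(procexss())

//Whitelist ('/path-to-ignore' is a placeholder url)
app.use(procexss({ whiteList: ['/path-to-ignore'] }))

//Mode `header` default settings
app.use(procexss({ mode: 'header' }))

//Mode `header` with custom mode (documented defaults written out explicitly)
app.use(procexss({ mode: 'header', header: { enabled: 1, mode: 'block' } }))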
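The options described above, sketched as a dependency-free Connect-style middleware so the whitelist, the req.dirty flag and the header mode can be seen working together. This is an added example, not node-procexss's own code: `xssGuard`, `run`, `ASSUMED_PATTERN` and the exact-match whitelist rule are assumptions made for illustration.

```javascript
// Added sketch of the documented behaviour; NOT node-procexss source code.
// ASSUMED_PATTERN is a hypothetical stand-in for the library's embedded regex.
const ASSUMED_PATTERN = /<[^>]*>|javascript:/gi;

function xssGuard(options = {}) {
  const opts = { pattern: ASSUMED_PATTERN, whiteList: [], sanitizeBody: true,
    sanitizeQuery: true, mode: 'sanitize', ...options,
    header: { enabled: 1, mode: 'block', ...options.header } };
  // The page documents `pattern` as a String, so compile it when one is given.
  const re = typeof opts.pattern === 'string'
    ? new RegExp(opts.pattern, 'gi') : opts.pattern;

  // Recurse: body/query parsers produce nested arrays and objects, so checking
  // only top-level strings would let nested values through untouched.
  function clean(value, req) {
    if (typeof value === 'string') {
      let out = value, prev;
      // Strip until stable; one pass can leave a match rebuilt from leftovers.
      do { prev = out; out = out.replace(re, ''); } while (out !== prev);
      if (out !== value) req.dirty = true;
      return out;
    }
    if (Array.isArray(value)) return value.map((v) => clean(v, req));
    if (value && typeof value === 'object') {
      for (const key of Object.keys(value)) value[key] = clean(value[key], req);
    }
    return value;
  }

  return function middleware(req, res, next) {
    if (opts.mode === 'header') {
      const h = opts.header;
      res.setHeader('X-XSS-Protection', h.enabled ? `1; mode=${h.mode}` : '0');
      return next();
    }
    req.dirty = false;
    // Assumption: whiteList entries are compared with req.path exactly.
    if (opts.whiteList.includes(req.path)) return next();
    if (opts.sanitizeBody && req.body) req.body = clean(req.body, req);
    if (opts.sanitizeQuery && req.query) req.query = clean(req.query, req);
    return next();
  };
}

// Constructed req/res stand-ins so the sketch runs without Express installed.
function run(options, req) {
  const res = { headers: {}, setHeader(k, v) { this.headers[k] = v; } };
  xssGuard(options)(req, res, () => {});
  return { req, res };
}
```

Chrome and Edge have removed the filter that X-XSS-Protection controls and Firefox never implemented it, so header mode has no effect in those browsers. Pattern stripping of request input works as a backstop alongside contextual output encoding, not in place of it.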