node-procexss
v0.1.2
Published
Middleware to help to prevent xss attacks in your Express/Connect apps
Downloads
1,340
Readme
node-procexss 
Middleware to help to prevent XSS attacks in your Express/Connect apps
Install
$ npm install node-procexssAPI
var procexss = require('node-procexss')procexss(options)
This middleware sanitize req.body or req.query and adds a req.dirty flasg to identify.
Options
patternString - Optional. A regex to check xss. Defaults toembedded!!whiteListArray[String] - Optional. List of ignored urls. Defaults to[]sanitizeBodyBoolean - Optional. If the req.body sanitize is enabled or not. Defaults totruesanitizeQueryBoolean - Optional. If the req.query sanitize is enabled or not. Defaults totruemodeString -Optional. A flag to choose mode (sanitize | header)
sanitize: Works on request body or query and sanitize it if xss exist.header: AddsX-XSS-Protectionheader to response.
headerOptions forheadermode (enabled, mode)
enabledBoolean - Optional. If the header is enabled or not (see header docs). Defaults to1.modeString - Optional. Mode to set on the header (see header docs). Defaults to block. Defaults tosanitize
Example
Simple express example
The following is an example of some server-side code that shows basic setup.
var express = require('express')
var procexss = require('node-procexss')
var app = express()
app.use(function(req, res, next) {
req.query = url.parse(req.url, true).query
next()
})
// parse application/x-www-form-urlencoded
app.use(bodyParser.urlencoded({
extended: false
}))
// parse application/json
app.use(bodyParser.json())
app.use(procexss(opts))
//Whitelist
app.use(procexss({
whiteList: ['/dashboard']
}))//Mode `header` default settings
app.use(procexss({
mode: 'header'
}))//Mode `header` with custom mode
app.use(procexss({
mode: 'header',
header: {
enabled: 1,
mode: 'foo'
}
}))