breach-helper

Random length HTML comments to mitigate BREACH attacks

latest

Source

npm

Version: 0.1.0

Version published: 12 years ago

Maintainers: 1

Created: 12 years ago

Source

BREACH helper for Node

One way to protect yourself against the BREACH attack is to add random-length comments to your HTML. This little module helps with that!

It's inspired by breach-mitigation-rails.

Usage with Express

After installing with npm install breach-helper, add this to your app code:

app.locals.breachHelper = require('breach-helper');

Now, the function breachHelper will be available to all your views.

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage with Hapi

After installing with npm install breach-helper, add the breachHelper property when you render things:

var breachHelper = require('breach-helper');

// ...

server.route({
  method: 'GET', path: '/',
  handler: function(req, reply) {
    reply.view('index', {
      breachHelper: breachHelper
    });
  }
});

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage elsewhere

This module just exports one function. That function returns a string that's a variable-length HTML comment. If you want to use this in another context, you can use that function!

var breachHelper = require('breach-helper');
breachHelper(); // "<!--ABCD420...-->"
breachHelper(); // "<!--69XYZZY...-->"

Enjoy.

Keywords

breach

attack

security

FAQs

What is breach-helper?

Is breach-helper well maintained?

Package last updated on 30 Jun 2014

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install