breach-helper

Random length HTML comments to mitigate BREACH attacks

Version: 0.1.0 (latest)
Maintainers: 1

BREACH helper for Node

One way to protect yourself against the BREACH attack is to add random-length comments to your HTML. This little module helps with that!

It's inspired by breach-mitigation-rails.

Usage with Express

After installing with npm install breach-helper, add this to your app code:

app.locals.breachHelper = require('breach-helper');

Now, the function breachHelper will be available to all your views.

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage with Hapi

After installing with npm install breach-helper, add the breachHelper property when you render things:

var breachHelper = require('breach-helper');

// ...

server.route({
  method: 'GET', path: '/',
  handler: function(req, reply) {
    reply.view('index', {
      breachHelper: breachHelper
    });
  }
});

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage elsewhere

This module just exports one function. That function returns a string that's a variable-length HTML comment. If you want to use this in another context, you can use that function!

var breachHelper = require('breach-helper');
breachHelper(); // "<!--ABCD420...-->"
breachHelper(); // "<!--69XYZZY...-->"
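Why the random length matters, as an added example (not code from this module or its author): BREACH infers secrets from the compressed size of a response, so the sketch below gzips a constructed page with and without a random-length comment and collects the distinct sizes an observer would see. The names randomLengthComment, renderPage and gzipSizes, the page markup and the token value are hypothetical stand-ins.

```javascript
// Added example: not breach-helper's own source code.
const crypto = require('crypto');
const zlib = require('zlib');

// Hypothetical stand-in for the module's exported function: an HTML comment
// holding 1..maxBytes random bytes, hex-encoded. Hex cannot contain "--" or
// ">", so the body can never terminate the comment early.
function randomLengthComment(maxBytes = 64) {
  const n = crypto.randomInt(1, maxBytes + 1); // upper bound is exclusive
  return '<!--' + crypto.randomBytes(n).toString('hex') + '-->';
}

// Constructed sample page: a secret (CSRF token) sits in the same compressed
// body as the rest of the markup, which is the precondition for BREACH.
function renderPage(pad) {
  return [
    '<html><body>',
    '<form method="post" action="/transfer">',
    '<input type="hidden" name="csrf" value="CONSTRUCTED-TOKEN-0123456789">',
    '</form>',
    pad ? randomLengthComment() : '',
    '</body></html>',
  ].join('\n');
}

// Render the page `renders` times and collect the distinct gzip'd sizes.
function gzipSizes(pad, renders = 200) {
  const sizes = new Set();
  for (let i = 0; i < renders; i++) {
    sizes.add(zlib.gzipSync(renderPage(pad)).length);
  }
  return sizes;
}

const plain = gzipSizes(false);
const padded = gzipSizes(true);
console.log('distinct sizes without padding:', plain.size);
console.log('distinct sizes with padding:', padded.size);
console.log('padded size range:', Math.min(...padded), '-', Math.max(...padded));
```

The padding adds noise to the size signal rather than removing it, so treat it as one layer alongside other BREACH mitigations.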

Enjoy.


Package last updated on 30 Jun 2014
