Security News
Fluent Assertions Faces Backlash After Abandoning Open Source Licensing
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
connect-inject
Advanced tools
connect middleware for adding any script to the response, this is a forked version of connect-livereload.
This is a slightly modified version of connect-livereload all the credits go to the author.
For further documentation refer to the author's repo connect-livereload.
npm install connect-inject --save-dev
git clone https://github.com/danielhq/connect-inject.git
this middleware can be used to inject any sort of content into the webpage e.g. [Livereload, Weinre etc]
snippet: string | Array
snippet now accepts either string or an array which will be inserted at the bottom of the page by default.
app.use(require('connect-inject')({
snippet: "<script>alert('hello world');</script>"
}));
Options are not mandatory: app.use(require('connect-inject')());
The Options have to be provided when the middleware is loaded:
e.g.:
app.use(require('connect-inject')({
snippet: "<script>alert('hello world');</script>",
ignore: ['.js', '.svg']
}));
These are the available options with the following defaults:
// these files will be ignored
ignore: ['.js', '.css', '.svg', '.ico', '.woff', '.png', '.jpg', '.jpeg'],
// this function is used to determine if the content of `res.write` or `res.end` is html.
html: function (str) {
return /<[:_-\w\s\!\/\=\"\']+>/i.test(str);
},
// rules are provided to find the place where the snippet should be inserted.
// the main problem is that on the server side it can be tricky to determine if a string will be valid html on the client.
// the function `fn` of the first `match` is executed like this `body.replace(rule.match, rule.fn);`
// the function `fn` has got the arguments `fn(w, s)` where `w` is the matches string and `s` is the snippet.
rules: [{
match: /<\/body>/,
fn: prepend
}, {
match: /<\/html>/,
fn: prepend
}, {
match: /<\!DOCTYPE.+>/,
fn: append
}],
// snippet taks a string argument which can be anything you want, and will be appended (by default) before </body> tag
snippet: "<script>alert('hello world');</script>"
The following example is from an actual Gruntfile that uses grunt-contrib-connect
connect: {
options: {
port: 3000,
hostname: 'localhost'
},
dev: {
options: {
middleware: function (connect) {
return [
require('connect-inject')({ snippet: "<script>alert('hello world');</script>"}),
mountFolder(connect, '.tmp'),
mountFolder(connect, 'app')
];
}
}
}
}
For use as middleware in grunt simply add the following to the top of your array of middleware.
require('connect-inject')(),
You can pass in options to this call if you do not want the defaults.
dev
is simply the name of the server being used with the task grunt connect:dev
. The other items in the middleware
array are all functions that either are of the form function (req, res, next)
like checkForDownload
or return that like mountFolder(connect, 'something')
.
This is a slightly modified version of connect-livereload all the credits go to the author.
FAQs
connect middleware for adding any script to the response
The npm package connect-inject receives a total of 11,561 weekly downloads. As such, connect-inject popularity was classified as popular.
We found that connect-inject demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Fluent Assertions is facing backlash after dropping the Apache license for a commercial model, leaving users blindsided and questioning contributor rights.
Research
Security News
Socket researchers uncover the risks of a malicious Python package targeting Discord developers.
Security News
The UK is proposing a bold ban on ransomware payments by public entities to disrupt cybercrime, protect critical services, and lead global cybersecurity efforts.