errorhandler
Comparing version 1.0.2 to 1.1.0
@@ -0,1 +1,12 @@ | ||
1.1.0 / 2014-06-16 | ||
================== | ||
* Display error on console formatted like `throw` | ||
* Escape HTML with `escape-html` module | ||
* Escape HTML in stack trace | ||
* Escape HTML in title | ||
* Fix up edge cases with error sent in response | ||
* Set `X-Content-Type-Options: nosniff` header | ||
* Use accepts for negotiation | ||
1.0.2 / 2014-06-05 | ||
@@ -2,0 +13,0 @@ ================== |
77
index.js
@@ -12,13 +12,6 @@ /*! | ||
var fs; | ||
try { | ||
fs = require('graceful-fs'); | ||
} catch (_) { | ||
fs = require('fs'); | ||
} | ||
var accepts = require('accepts') | ||
var escapeHtml = require('escape-html'); | ||
var fs = require('fs'); | ||
// environment | ||
var env = process.env.NODE_ENV || 'development'; | ||
/** | ||
@@ -50,10 +43,35 @@ * Error handler: | ||
exports = module.exports = function errorHandler(){ | ||
// get environment | ||
var env = process.env.NODE_ENV || 'development' | ||
return function errorHandler(err, req, res, next){ | ||
if (err.status) res.statusCode = err.status; | ||
if (res.statusCode < 400) res.statusCode = 500; | ||
if ('test' != env) console.error(err.stack); | ||
if (res._header) return; | ||
var accept = req.headers.accept || ''; | ||
// respect err.status | ||
if (err.status) { | ||
res.statusCode = err.status | ||
} | ||
// default status code to 500 | ||
if (res.statusCode < 400) { | ||
res.statusCode = 500 | ||
} | ||
// write error to console | ||
if (env !== 'test') { | ||
console.error(err.stack || String(err)) | ||
} | ||
// cannot actually respond | ||
if (res._header) { | ||
return req.socket.destroy() | ||
} | ||
// negotiate | ||
var accept = accepts(req) | ||
var type = accept.types('html', 'json', 'text') | ||
// Security header for content sniffing | ||
res.setHeader('X-Content-Type-Options', 'nosniff') | ||
// html | ||
if (~accept.indexOf('html')) { | ||
if (type === 'html') { | ||
fs.readFile(__dirname + '/public/style.css', 'utf8', function(e, style){ | ||
@@ -65,9 +83,9 @@ if (e) return next(e); | ||
.split('\n').slice(1) | ||
.map(function(v){ return '<li>' + v + '</li>'; }).join(''); | ||
.map(function(v){ return '<li>' + escapeHtml(v).replace(/ /g, ' ') + '</li>'; }).join(''); | ||
html = html | ||
.replace('{style}', style) | ||
.replace('{stack}', stack) | ||
.replace('{title}', exports.title) | ||
.replace('{title}', escapeHtml(exports.title)) | ||
.replace('{statusCode}', res.statusCode) | ||
.replace(/\{error\}/g, escapeHTML(err.toString().replace(/\n/g, '<br/>'))); | ||
.replace(/\{error\}/g, escapeHtml(String(err)).replace(/ /g, ' ').replace(/\n/g, '<br>')); | ||
res.setHeader('Content-Type', 'text/html; charset=utf-8'); | ||
@@ -78,3 +96,3 @@ res.end(html); | ||
// json | ||
} else if (~accept.indexOf('json')) { | ||
} else if (type === 'json') { | ||
var error = { message: err.message, stack: err.stack }; | ||
@@ -88,3 +106,3 @@ for (var prop in err) error[prop] = err[prop]; | ||
res.setHeader('Content-Type', 'text/plain'); | ||
res.end(err.stack); | ||
res.end(err.stack || String(err)); | ||
} | ||
@@ -99,18 +117,1 @@ }; | ||
exports.title = 'Connect'; | ||
/** | ||
* Escape the given string of `html`. | ||
* | ||
* @param {String} html | ||
* @return {String} | ||
* @api private | ||
*/ | ||
function escapeHTML(html){ | ||
return String(html) | ||
.replace(/&(?!\w+;)/g, '&') | ||
.replace(/</g, '<') | ||
.replace(/>/g, '>') | ||
.replace(/"/g, '"'); | ||
}; |
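Review bot: The response still sends `err.stack` to the client in all three branches: the `.replace('{stack}', stack)` substitution for html, `{ message: err.message, stack: err.stack }` followed by the `for (var prop in err)` copy for json, and `res.end(err.stack || String(err))` for text. In the visible lines `env` only gates the `console.error` call, so nothing shown here limits that output to development; parts of the handler between the hunks are not shown, so a guard may exist there. I would document this at the top of the returned handler, e.g. `// development only: the response body exposes err.stack and every enumerable property of err`, and add a caveat on the JSON copy, since an error object that carries request or configuration data would be serialized whole. Separately, `.replace('{stack}', stack)` and the `{error}` replacement pass error-derived text as the replacement argument, where patterns such as `$&` are expanded by `String.prototype.replace` and are not touched by `escapeHtml`. A function replacer such as `.replace('{stack}', function(){ return stack })` keeps the text literal.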
{ | ||
"name": "errorhandler", | ||
"description": "connect's default error handler page", | ||
"version": "1.0.2", | ||
"version": "1.1.0", | ||
"author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)", | ||
"license": "MIT", | ||
"repository": "expressjs/errorhandler", | ||
"dependencies": { | ||
"accepts": "1.0.3", | ||
"escape-html": "1.0.1" | ||
}, | ||
"devDependencies": { | ||
"connect": "3", | ||
"istanbul": "0.2.10", | ||
"mocha": ">= 1.17.0 < 2", | ||
"mocha": "~1.20.1", | ||
"should": "~4.0.1", | ||
@@ -13,0 +17,0 @@ "supertest": "~0.13.0" |
+ Added accepts@1.0.3
+ Added escape-html@1.0.1
+ Added accepts@1.0.3 (transitive)
+ Added escape-html@1.0.1 (transitive)
+ Added mime@1.2.11 (transitive)
+ Added negotiator@0.4.6 (transitive)