
errorhandler


Comparing version 1.0.2 to 1.1.0

11

History.md

@@ -0,1 +1,12 @@

1.1.0 / 2014-06-16
==================
* Display error on console formatted like `throw`
* Escape HTML with `escape-html` module
* Escape HTML in stack trace
* Escape HTML in title
* Fix up edge cases with error sent in response
* Set `X-Content-Type-Options: nosniff` header
* Use accepts for negotiation
1.0.2 / 2014-06-05

@@ -2,0 +13,0 @@ ==================

77

index.js

@@ -12,13 +12,6 @@ /*!

var fs;
try {
fs = require('graceful-fs');
} catch (_) {
fs = require('fs');
}
var accepts = require('accepts')
var escapeHtml = require('escape-html');
var fs = require('fs');
// environment
var env = process.env.NODE_ENV || 'development';
/**

@@ -50,10 +43,35 @@ * Error handler:

exports = module.exports = function errorHandler(){
// get environment
var env = process.env.NODE_ENV || 'development'
return function errorHandler(err, req, res, next){
if (err.status) res.statusCode = err.status;
if (res.statusCode < 400) res.statusCode = 500;
if ('test' != env) console.error(err.stack);
if (res._header) return;
var accept = req.headers.accept || '';
// respect err.status
if (err.status) {
res.statusCode = err.status
}
// default status code to 500
if (res.statusCode < 400) {
res.statusCode = 500
}
// write error to console
if (env !== 'test') {
console.error(err.stack || String(err))
}
// cannot actually respond
if (res._header) {
return req.socket.destroy()
}
// negotiate
var accept = accepts(req)
var type = accept.types('html', 'json', 'text')
// Security header for content sniffing
res.setHeader('X-Content-Type-Options', 'nosniff')
// html
if (~accept.indexOf('html')) {
if (type === 'html') {
fs.readFile(__dirname + '/public/style.css', 'utf8', function(e, style){

@@ -65,9 +83,9 @@ if (e) return next(e);

.split('\n').slice(1)
.map(function(v){ return '<li>' + v + '</li>'; }).join('');
.map(function(v){ return '<li>' + escapeHtml(v).replace(/ /g, ' &nbsp;') + '</li>'; }).join('');
html = html
.replace('{style}', style)
.replace('{stack}', stack)
.replace('{title}', exports.title)
.replace('{title}', escapeHtml(exports.title))
.replace('{statusCode}', res.statusCode)
.replace(/\{error\}/g, escapeHTML(err.toString().replace(/\n/g, '<br/>')));
.replace(/\{error\}/g, escapeHtml(String(err)).replace(/ /g, ' &nbsp;').replace(/\n/g, '<br>'));
res.setHeader('Content-Type', 'text/html; charset=utf-8');

@@ -78,3 +96,3 @@ res.end(html);

// json
} else if (~accept.indexOf('json')) {
} else if (type === 'json') {
var error = { message: err.message, stack: err.stack };

@@ -88,3 +106,3 @@ for (var prop in err) error[prop] = err[prop];

res.setHeader('Content-Type', 'text/plain');
res.end(err.stack);
res.end(err.stack || String(err));
}

@@ -99,18 +117,1 @@ };

exports.title = 'Connect';
/**
* Escape the given string of `html`.
*
* @param {String} html
* @return {String}
* @api private
*/
function escapeHTML(html){
return String(html)
.replace(/&(?!\w+;)/g, '&amp;')
.replace(/</g, '&lt;')
.replace(/>/g, '&gt;')
.replace(/"/g, '&quot;');
};
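Review bot: The escaped values in `.replace('{stack}', stack)`, `.replace('{title}', escapeHtml(exports.title))` and the `{error}` call are still passed as replacement strings, so `String.prototype.replace` expands `$&` and `$'` inside them, and `escapeHtml` leaves `$` untouched. An error message or stack line containing such a sequence would copy parts of the template into the page and garble the output; the copied text is template markup plus already-escaped values, so this looks like a rendering defect rather than an injection path. Passing a function avoids the expansion, e.g. `.replace('{stack}', function(){ return stack })`, with the same form for `{title}` and `{error}`. The enclosing `fs.readFile` callback starts and ends outside the hunk shown.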
{
"name": "errorhandler",
"description": "connect's default error handler page",
"version": "1.0.2",
"version": "1.1.0",
"author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
"license": "MIT",
"repository": "expressjs/errorhandler",
"dependencies": {
"accepts": "1.0.3",
"escape-html": "1.0.1"
},
"devDependencies": {
"connect": "3",
"istanbul": "0.2.10",
"mocha": ">= 1.17.0 < 2",
"mocha": "~1.20.1",
"should": "~4.0.1",

@@ -13,0 +17,0 @@ "supertest": "~0.13.0"
