Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
express-xss-filter
Readme
npm install xss
npm install express-xss-filter
const expressXssFilter = require('express-xss-filter')
expressXssFilter takes two parameters. The first is a string or an array naming the request parts to filter; the allowed values are body, query and params, and when the first parameter is empty all three are filtered. The second parameter configures the filtering rules, including a custom whitelist and the handlers applied to matched tag attributes.
Use as global middleware
const express = require('express')
const app = express()
app.use(express.json())
// load express-xss-filter
const expressXssFilter = require('express-xss-filter')
// register with app.use; called with no arguments it filters body, query and params
app.use(expressXssFilter())
app.post('/', function (req, res) {
  console.log(req.body)
  // echo the filtered body back so the request completes
  res.json(req.body)
})
app.listen(3010, function () {
  console.log('server running at http://127.0.0.1:3010')
})
Use as router middleware
const express = require('express')
const router = express.Router()
const expressXssFilter = require('express-xss-filter')
// filter only the data in req.body
router.post('/test', expressXssFilter('body'), (req, res) => {
  console.log(req.body)
  res.json(req.body)
})
module.exports = router
When calling the expressXssFilter middleware, custom rules are set through its second parameter; the first parameter still selects which request parts to filter.
// define a whitelist: only <a> tags with href, title and target attributes are kept
const options = {
  whiteList: {
    a: ['href', 'title', 'target']
  }
}
// request parts to filter first, rule options second
router.post('/test', expressXssFilter('body', options), (req, res) => {
  console.log(req.body)
  res.json(req.body)
})
For more filtering rules, see the official documentation of xss.
FAQs
Xss-based express middleware for filtering front-end request data
The npm package express-xss-filter receives a total of 0 weekly downloads. As such, express-xss-filter popularity was classified as not popular.
We found that express-xss-filter demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.