Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
preq-express-xml-bodyparser
Advanced tools
Readme
For those rare cases when you have to parse incoming raw xml-body requests. This middleware works with any connect- or express-based nodejs application.
Admittedly, having to deal with XML data has become less common in recent years. Still, there are services and APIs using this format. The middleware is based on the connect-json middleware as a blueprint.
There is a similar xml bodyparser module available, but you might appreciate some notable differences:
application/rss+xml
Utilize npm by typing npm install express-xml-bodyparser --save
in your projects root folder and your good to go.
You can pass configuration options into the XML parser middleware. They're exactly the same options you would use for xml2js, which this middleware relies on. For further details look at all available configuration options.
Without specifying custom options, the middleware applies some opionated defaults meant to normalize the resulting json object properties. All whitespace in text nodes will be trimmed, property and tag names will be lowercased. The parser will always return node lists explicitly cast to Array.
NOTE: Custom options will be merged with aforementioned opionated defaults, so in case you want to use xml2js
defaults, you will have to specify the following:
var xml2jsDefaults = {
explicitArray: false,
normalize: false,
normalizeTags: false,
trim: true
}
This change appeared in v0.1.0, older versions would merge options against xml2js
's default options.
There are now type-definitions available at DefinitelyTyped. In order to use them in your project, add this to your (development) dependencies:
npm install --save-dev @types/express-xml-bodyparser
Thanks to @noticeMaker for creating the type-definitions.
You can either use express-xml-bodyparser at application level, or for specific routes only.
Here is an example of an express application with default settings:
var express = require('express'),
app = express(),
http = require('http'),
server = http.createServer(app),
xmlparser = require('express-xml-bodyparser');
// .. other middleware ...
app.use(express.json());
app.use(express.urlencoded());
app.use(xmlparser());
// ... other middleware ...
app.post('/receive-xml', function(req, res, next) {
// req.body contains the parsed xml
});
server.listen(1337);
If you wanted to use express-xml-bodyparser for specific routes only, you would do something like this:
app.post('/receive-xml', xmlparser({trim: false, explicitArray: false}), function(req, res, next) {
// check req.body
});
Above example demonstrates how to pass custom options to the XML parser.
If you want to customize the regular expression that checks whether the xmlparser should do its work or not, you can provide your own by overloading the xmlparser.regexp
property, like so:
var xmlparser = require('express-xml-bodyparser');
xmlparser.regexp = /^text\/xml$/i;
Doing so, will allow you to restrict XML parsing to custom mime-types only. Thanks to @ophentis for the suggestion. Just make sure your regular expression actually matches mime-types you're interested in. The feature is available since version v0.0.5.
IMPORTANT In versions v0.2.x custom regular expressions were ignored in mime-type parsing. The issue has been fixed in v0.3.0. If you need/rely on this feature, please upgrade to a newer version. Many thanks to @dirksen who discovered this issue.
Lets start a discussion how to get to there (stable API).
Here are some thoughts:
req.body
and req.rawBody
.xmlparser
middleware's mime-type regexp in favor of passing customizations into the options parameters (perfect if using route-middlewares).FAQs
Simple XML body parser connect/express middleware
The npm package preq-express-xml-bodyparser receives a total of 145 weekly downloads. As such, preq-express-xml-bodyparser popularity was classified as not popular.
We found that preq-express-xml-bodyparser demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.
Security News
UnitedHealth Group disclosed that the ransomware attack on Change Healthcare compromised protected health information for millions in the U.S., with estimated costs to the company expected to reach $1 billion.