x-xss-protection - npm Package Compare versions

Comparing version 0.1.1 to 0.1.2

index.js

@@ -1,26 +0,33 @@
-var platform = require('platform');
-
 module.exports = function(options) {
 
   options = options || {};
-  var setOnOldIE = options.setOnOldIE;
 
-  return function(req, res, next)  {
+  if (options.setOnOldIE) {
 
-    var browser = platform.parse(req.headers['user-agent']);
-    var version = parseFloat(browser.version);
-    var isIE = browser.name === 'IE';
+    return function(req, res, next) {
+      res.setHeader('X-XSS-Protection', '1; mode=block');
+      next();
+    };
 
-    var value;
-    if ((!isIE) || (version >= 9) || (setOnOldIE)) {
-      value = '1; mode=block';
-    } else {
-      value = '0';
-    }
+  } else {
 
-    res.setHeader('X-XSS-Protection', value);
-    next();
+    return function(req, res, next)  {
 
-  };
+      var matches = /msie\s*(\d+)/i.exec(req.headers['user-agent']);
 
+      var value;
+      if (!matches || (parseFloat(matches[1]) >= 9)) {
+        value = '1; mode=block';
+      } else {
+        value = '0';
+      }
+
+      res.setHeader('X-XSS-Protection', value);
+      next();
+
+    };
+
+  }
+
+
 };

package.json

@@ -8,3 +8,3 @@ {
   "description": "Middleware to set the X-XSS-Protection header",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "keywords": [
@@ -27,9 +27,8 @@ "helmet",
   "devDependencies": {
+    "async": "^0.9.0",
     "connect": "^3.3.1",
     "mocha": "^2.0.1",
-    "supertest": "^0.14.0"
-  },
-  "dependencies": {
-    "platform": "1.3.0"
+    "rfile": "^1.0.0",
+    "supertest": "^0.15.0"
   }
 }

test/index.js

 var xssFilter = require('..');
 
-var assert = require('assert');
 var connect = require('connect');
 var request = require('supertest');
+var rfile = require('rfile');
+var each = require('async').each;
 
 describe('xssFilter', function () {
 
-  var IE_7 = 'Mozilla/5.0 (Windows; U; MSIE 7.0; Windows NT 6.0; en-US)';
-  var IE_8 = 'Mozilla/4.0 ( ; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.6; .NET CLR 3.5.30729)';
-  var IE_9 = 'Mozilla/5.0 (Windows; U; MSIE 9.0; WIndows NT 9.0; en-US)';
-  var FIREFOX_23 = 'Mozilla/5.0 (Windows NT 6.2; rv:22.0) Gecko/20130405 Firefox/23.0';
+  function grabList(filename) {
+    return rfile(filename)
+    .split('\n')
+    .filter(function (line) {
+      return line.trim() !== '';
+    });
+  }
 
+  var enabledBrowsers = grabList('./enabled_browser_list.txt');
+  var disabledBrowsers = grabList('./disabled_browser_list.txt');
+
   var app;
@@ -23,38 +30,27 @@ beforeEach(function () {
 
-  it('sets header if there is no user-agent', function (done) {
-    request(app).get('/').unset('User-Agent')
-    .expect('X-XSS-Protection', '1; mode=block', done);
+  it('enables it for supported browsers', function (done) {
+    each(enabledBrowsers, function (useragent, callback) {
+      request(app).get('/').set('User-Agent', useragent)
+      .expect('X-XSS-Protection', '1; mode=block', callback);
+    }, done);
   });
 
-  it('sets header for a weird user-agent', function (done) {
-    request(app).get('/').set('User-Agent', 'The Helmet Browser')
-    .expect('X-XSS-Protection', '1; mode=block', done);
+  it('disables it for unsupported browsers', function (done) {
+    each(disabledBrowsers, function (useragent, callback) {
+      request(app).get('/').set('User-Agent', useragent)
+      .expect('X-XSS-Protection', '0', callback);
+    }, done);
   });
 
-  it('sets header for Firefox 23', function (done) {
-    request(app).get('/').set('User-Agent', FIREFOX_23)
+  it('sets header if there is an empty user-agent', function (done) {
+    request(app).get('/').set('User-Agent', '')
     .expect('X-XSS-Protection', '1; mode=block', done);
   });
 
-  it('sets header for IE 9', function (done) {
-    request(app).get('/').set('User-Agent', IE_9)
+  it('sets header if there is no user-agent', function (done) {
+    request(app).get('/').unset('User-Agent')
     .expect('X-XSS-Protection', '1; mode=block', done);
   });
 
-  it('sets header for unknown browsers', function (done) {
-    request(app).get('/').set('User-Agent', 'Unknown Browser 123')
-    .expect('X-XSS-Protection', '1; mode=block', done);
-  });
-
-  it('sets header to 0 for IE 8', function (done) {
-    request(app).get('/').set('User-Agent', IE_8)
-    .expect('X-XSS-Protection', '0', done);
-  });
-
-  it('sets header to 0 for IE 7', function (done) {
-    request(app).get('/').set('User-Agent', IE_7)
-    .expect('X-XSS-Protection', '0', done);
-  });
-
-  it('allows you to force the header for old IE', function (done) {
+  it('allows you to force the header for unsupported browsers', function (done) {
     app = connect();
@@ -65,6 +61,8 @@ app.use(xssFilter({ setOnOldIE: true }));
     });
-    request(app).get('/').set('User-Agent', IE_8)
-    .expect('X-XSS-Protection', '1; mode=block', done);
+    each(disabledBrowsers, function (useragent, callback) {
+      request(app).get('/').set('User-Agent', useragent)
+      .expect('X-XSS-Protection', '1; mode=block', callback);
+    }, done);
   });
 
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

7805

increased by27.85%

Dependency count

0

decreased by-100%

Number of package files

9

increased by28.57%

Lines of code

76

increased by4.11%

Worsened metrics

Dev dependency count

5

increased by66.67%

Dependency changes

• - Removedplatform@1.3.0

• - Removedplatform@1.3.0(transitive)