Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
x-xss-protection
Advanced tools
x-xss-protection - npm Package Compare versions
Comparing version 1.0.0 to 1.1.0
13
index.js
| module.exports = function xXssProtection (options) { | ||
| if (options && options.setOnOldIE) { | ||
| options = options || {} | ||
| var headerValue = '1; mode=block' | ||
| if (options.reportUri) { | ||
| headerValue += '; report=' + options.reportUri | ||
| } | ||
| if (options.setOnOldIE) { | ||
| return function xXssProtection (req, res, next) { | ||
| res.setHeader('X-XSS-Protection', '1; mode=block') | ||
| res.setHeader('X-XSS-Protection', headerValue) | ||
| next() | ||
@@ -13,3 +20,3 @@ } | ||
| if (!matches || (parseFloat(matches[1]) >= 9)) { | ||
| value = '1; mode=block' | ||
| value = headerValue | ||
| } else { | ||
@@ -16,0 +23,0 @@ value = '0' |
@@ -5,6 +5,6 @@ { | ||
| "contributors": [ | ||
| "Evan Hahn <me@evanhahn.com> (http://evanhahn.com)" | ||
| "Evan Hahn <me@evanhahn.com> (https://evanhahn.com)" | ||
| ], | ||
| "description": "Middleware to set the X-XSS-Protection header", | ||
| "version": "1.0.0", | ||
| "version": "1.1.0", | ||
| "license": "MIT", | ||
@@ -25,11 +25,10 @@ "keywords": [ | ||
| "scripts": { | ||
| "test": "standard && mocha" | ||
| "pretest": "standard --fix", | ||
| "test": "mocha" | ||
| }, | ||
| "devDependencies": { | ||
| "async": "^1.5.0", | ||
| "connect": "^3.3.1", | ||
| "mocha": "^2.3.4", | ||
| "rfile": "^1.0.0", | ||
| "standard": "^5.4.1", | ||
| "supertest": "^1.1.0" | ||
| "connect": "^3.6.5", | ||
| "mocha": "^4.1.0", | ||
| "standard": "^10.0.3", | ||
| "supertest": "^3.0.0" | ||
| }, | ||
@@ -39,2 +38,3 @@ "standard": { | ||
| "describe", | ||
| "before", | ||
| "beforeEach", | ||
@@ -41,0 +41,0 @@ "it" |
@@ -6,2 +6,4 @@ X-XSS-Protection middleware | ||
| [_Looking for a changelog?_](https://github.com/helmetjs/helmet/blob/master/HISTORY.md) | ||
| The `X-XSS-Protection` HTTP header is a basic protection against XSS. It was originally [by Microsoft](http://blogs.msdn.com/b/ieinternals/archive/2011/01/31/controlling-the-internet-explorer-xss-filter-with-the-x-xss-protection-http-header.aspx) but Chrome has since adopted it as well. | ||
@@ -24,1 +26,7 @@ | ||
| ``` | ||
| You can also optionally configure a report URI, though the flag is [specific to Chrome-based browsers](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection). This option will report the violation to the specified URI: | ||
| ```javascript | ||
| app.use(xssFilter({ reportUri: '/report-xss-violation' })) | ||
| ``` |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Dev dependency count
- decreased by-33.33%
4
- Number of lines in readme file
- increased by34.78%
31
Worsened metrics
- Total package byte prevSize
- decreased by-45.05%
4397
- Number of package files
- decreased by-55.56%
4
- Lines of code
- decreased by-68.75%
25
No dependency changes