A powerful middleware for securing your express.js applications against cross-site scripting (XSS) attacks
This package provides a middleware for Express.js that helps protect against cross-site scripting (XSS) attacks. It's built on top of the xss module and is written in TypeScript.
To use this middleware, first install it using npm or yarn:
npm install xss-shield
or
yarn add xss-shield
To use this middleware in your Express.js application, simply require or import it and add it to your middleware stack:
const express = require('express');
const xssShield = require('xss-shield');
const app = express();
// Add the middleware to the middleware stack
app.use(xssShield());
You can also pass options to the middleware to customize its behavior. See the xss documentation for available options.
const express = require('express');
const xssShield = require('xss-shield');
const app = express();
// Add the middleware to the middleware stack with options
app.use(xssShield({
whiteList: {
a: ['href', 'title', 'target'],
img: ['src', 'alt'],
}
}));
xss-shield is licensed under the MIT License. See LICENSE for more information.
FAQs
A powerful middleware for securing your express.js applications against cross-site scripting (XSS) attacks
The npm package xss-shield receives a total of 0 weekly downloads. As such, xss-shield popularity was classified as not popular.
We found that xss-shield demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
CISOs are racing to adopt AI for cybersecurity, but hurdles in budgets and governance may leave some falling behind in the fight against cyber threats.
Research
Security News
Socket researchers uncovered a backdoored typosquat of BoltDB in the Go ecosystem, exploiting Go Module Proxy caching to persist undetected for years.
Security News
Company News
Socket is joining TC54 to help develop standards for software supply chain security, contributing to the evolution of SBOMs, CycloneDX, and Package URL specifications.