x-xss-protection

Middleware to set the X-XSS-Protection header

1.3.0  •  Published 3 months ago  •  by helmetjs  •  MIT License

X-XSS-Protection middleware

The X-XSS-Protection HTTP header is a basic protection against XSS. It was originally introduced by Microsoft, but Chrome has since adopted it as well.

This middleware sets the X-XSS-Protection header. On modern browsers, it will set the value to 1; mode=block. On old versions of Internet Explorer, this creates a vulnerability (see here and here), and so the header is set to 0 to disable it.

To use this middleware:

const xssFilter = require('x-xss-protection')
app.use(xssFilter())

To force the header to be set to 1; mode=block on all versions of IE, add the option:

app.use(xssFilter({ setOnOldIE: true }))
// This has some security problems for old IE!

You can also optionally configure a report URI, though the flag is specific to Chrome-based browsers. This option will report the violation to the specified URI:

app.use(xssFilter({ reportUri: '/report-xss-violation' }))

To remove mode=block from the header, which isn’t recommended, set the mode option to null:

app.use(xssFilter({ mode: null }))
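
The following sketch is an added example, not the x-xss-protection source code. It shows how the options described above combine into the header value for a given User-Agent. The names headerValue, xssFilterSketch and SAMPLE_AGENTS are hypothetical, and the "MSIE below 9" cutoff for old IE is an assumption; this page does not state the version.

```javascript
// Added illustration of the header decision described above.
// Assumption: "old IE" means a User-Agent advertising MSIE with a major
// version below 9. The page itself does not give the cutoff.
const OLD_IE_CUTOFF = 9

function isOldIE (userAgent) {
  const match = /msie\s*(\d+)/i.exec(userAgent || '')
  return match !== null && Number(match[1]) < OLD_IE_CUTOFF
}

// Returns the X-XSS-Protection value for one request.
function headerValue (userAgent, options = {}) {
  // A default only replaces undefined, so mode: null survives and drops mode=block.
  const { setOnOldIE = false, reportUri, mode = 'block' } = options

  // Old IE gets the filter switched off unless the caller forces it on.
  if (!setOnOldIE && isOldIE(userAgent)) return '0'

  const parts = ['1']
  if (mode === 'block') parts.push('mode=block')
  if (reportUri) parts.push('report=' + reportUri)
  return parts.join('; ')
}

// Connect/Express-style middleware built on the function above.
function xssFilterSketch (options) {
  return function (req, res, next) {
    const value = headerValue(req.headers['user-agent'], options)
    res.setHeader('X-XSS-Protection', value)
    next()
  }
}

// Constructed User-Agent strings, used only for this demonstration.
const SAMPLE_AGENTS = {
  ie8: 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)',
  ie10: 'Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; Trident/6.0)',
  chrome: 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 Chrome/76.0 Safari/537.36'
}

for (const [name, ua] of Object.entries(SAMPLE_AGENTS)) {
  console.log(name.padEnd(7), '->', headerValue(ua),
    '| setOnOldIE:', headerValue(ua, { setOnOldIE: true }))
}
```

Because the value depends on the request's User-Agent, check responses with both an old-IE and a modern User-Agent string when verifying a deployment.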

Popularity

Weekly Downloads
631.2K
Stars
33

Maintenance

Development

Last ver 3 months ago
Created 5 years ago
Last commit 3 months ago
23 days between commits

Technology

Node version: 12.6.0
6.7K unpacked

Compliance

MIT License
OSI Approved
0 vulnerabilities

Contributors

6 contributors
Evan Hahn
Maintainer, 70 commits, 4 merges
Works at Airtable
Daniel Sieradski
3 commits, 1 PRs
Works at The Self Agency, LLC
Nicolai Kamenzky
2 commits, 1 PRs
Ben James
1 commits, 1 PRs
Works at charisma-ai
dependabot[bot]
1 commits
Adam Baldwin
Maintainer
Works at npm

Tags

helmet
security
express
connect
xss
x-xss-protection
© 2019 Devstore, Inc.