https://github.com/ahmedadelfahim/express-xss-sanitizer
Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.
https://github.com/ahmedadelfahim/express-xss-sanitizer
expressjs nodejs npm-package sanitizer xss
Last synced: 3 months ago
JSON representation
Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.
- Host: GitHub
- URL: https://github.com/ahmedadelfahim/express-xss-sanitizer
- Owner: AhmedAdelFahim
- License: mit
- Created: 2020-11-20T12:49:37.000Z (over 4 years ago)
- Default Branch: master
- Last Pushed: 2024-12-28T15:58:17.000Z (7 months ago)
- Last Synced: 2025-03-30T11:11:14.087Z (4 months ago)
- Topics: expressjs, nodejs, npm-package, sanitizer, xss
- Language: JavaScript
- Homepage: https://www.npmjs.com/package/express-xss-sanitizer
- Size: 33.2 KB
- Stars: 22
- Watchers: 1
- Forks: 9
- Open Issues: 2
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# Express XSS Sanitizer
Express 4.x and 5.x middleware which sanitizes user input data (in req.body, req.query, req.headers and req.params) to prevent Cross Site Scripting (XSS) attack.
[](https://github.com/AhmedAdelFahim/express-xss-sanitizer)
[](https://github.com/AhmedAdelFahim/express-xss-sanitizer)
[](https://www.npmjs.com/package/express-xss-sanitizer)
[](https://www.npmjs.com/package/express-xss-sanitizer)
[](https://www.npmjs.com/package/express-xss-sanitizer)
[](https://www.npmjs.com/package/express-xss-sanitizer)
## Installation
```bash
$ npm install express-xss-sanitizer
```
## Usage
Add as a piece of express middleware, before defining your routes.
```javascript
const express = require('express');
const bodyParser = require('body-parser');
const { xss } = require('express-xss-sanitizer');
const app = express();
app.use(bodyParser.json({limit:'1kb'}));
app.use(bodyParser.urlencoded({extended: true, limit:'1kb'}));
app.use(xss());
```
You can add options to specify allowed keys or allowed attributes to be skipped at sanitization
```javascript
const options = {
allowedKeys: ['name'],
allowedAttributes: {
input: ['value'],
},
}
app.use(xss(options));
```
You can add options to specify allowed tags to sanitize it and remove other tags
```javascript
const options = {
allowedTags: ['h1']
}
app.use(xss(options));
```
Add as a piece of express middleware, before single route.
```javascript
const express = require('express');
const bodyParser = require('body-parser');
const { xss } = require('express-xss-sanitizer');
const app = express();
app.use(bodyParser.json({limit:'1kb'}));
app.use(bodyParser.urlencoded({extended: true, limit:'1kb'}));
app.post("/body", xss(), function (req, res) {
// your code
});
app.post("/test", function (req, res) {
// your code
});
```
__Note:__ if you adding xxs() as application level middleware, the xxs() will sanitize req.body, req.headers and req.query only and for req.params you must add xxs() as route level middleware like below example.
```javascript
const express = require('express');
const bodyParser = require('body-parser');
const { xss } = require('express-xss-sanitizer');
const app = express();
app.use(bodyParser.json({limit:'1kb'}));
app.use(bodyParser.urlencoded({extended: true, limit:'1kb'}));
app.post("/params/:val", xss(), function (req, res) {
// your code
});
```
You also can sanitize your data (object, array, string,etc) on the fly.
```javascript
const { sanitize } = require('express-xss-sanitizer');
// ...
data = sanitize(data)
// or
data = sanitize(data, {allowedKeys: ['name']})
// ...
```
## For other frameworks
* [koa-xss-sanitizer](https://www.npmjs.com/package/koa-xss-sanitizer)
## Tests
To run the test suite, first install the dependencies, then run `npm test`:
```bash
$ npm install
$ npm test
```
## Support
Feel free to open issues on [github](https://github.com/AhmedAdelFahim/express-xss-sanitizer.git).