@turbo-tools/x-xss
Pluggable X-XSS-Protection header functionality for turbo-http based servers
Getting Started
const xxss = require('@turbo-tools/x-xss')xXssProtection(response, reportUri='')
Does set the X-XSS-Protection header. A report uri can be set to that gets
called on violations.
For more information on the X-XSS-Protection header and report formats, please consult the MDN page
Example
const xxss = require('@turbo-tools/x-xss')
xxss(response)With turbo-http server
const http = require('turbo-http')
const xxss = require('@turbo-tools/x-xss')
// Create server
const server = http.createServer(function (req, res) {
const text = 'X-XSS protection set'
xxss(response, 'https://my-domain.org/xss-report')
res.statusCode = 200
res.setHeader('Content-Length', text.length)
res.write(Buffer.from(text))
})
// Listen
server.listen(3000)Installing
npm install @turbo-tools/x-xss --saveRunning the tests
All tests are contained in the test.js file, and written using Jest
Run them:
npm testIf you´d like to get the coverage data in addition to runnign the tests, use:
npm run test-coverageBuilt With
- NPM - Dependency Management
- Commitizen - Easy semantic commit messages
- Jest - Easy tests
- Semantic Release - Easy software releases
Contributing
Please read CONTRIBUTING.md for details on the process for submitting pull requests to us, and CODE_OF_CONDUCT.md for details on the code of conduct.
Versioning
We use SemVer for versioning. For the versions available, see the tags on this repository.
Authors
- Sebastian Golasch - Initial work - asciidisco
See also the list of contributors who participated in this project.
License
This project is licensed under the MIT License - see the LICENSE.md file for details
Acknowledgments
- Hat tip to @mafintosh for building turbo-net and turbo-http