
add xxs protection to express (#191)

pull/197/head
Cian Butler 4 years ago
committed by GitHub
parent
commit
4701e7bfc4
3 changed files with 20 additions and 6 deletions
  1. +5
    -0
      app.js
  2. +2
    -1
      package.json
  3. +13
    -5
      yarn.lock

+ 5
- 0
app.js View File

@@ -9,6 +9,7 @@ const cookieParser = require('cookie-parser');
const bodyParser = require('body-parser');
const yaml = require('js-yaml');
const fs = require('fs');
const protect = require('@risingstack/protect');
const FileStreamRotator = require('file-stream-rotator');
const logger = require('./lib/logger');
const emailNewPosts = require('./lib/emailNewPosts');
@@ -44,6 +45,10 @@ app.use(bodyParser.json());
app.use(compression());
app.use(bodyParser.urlencoded({ extended: false }));
app.use(cookieParser());
app.use(protect.express.xss({
body : true,
loggerFunction: logger.error,
}));

// Dynamic generated contact forms
const contactFormRoute = require('./routes/contactForm');
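Review bot: The `protect.express.xss` middleware added after `app.use(cookieParser());` inspects incoming requests only, so it should not be treated as the XSS fix for the contact-form routes registered just below it. To my knowledge the package matches request values against patterns, which means output escaping in the views remains the real control and legitimate free-text submissions containing markup-like characters may be rejected. I would add a comment above the call, such as `// Heuristic request filter (defence in depth); views must still escape user input on output.`, and confirm how the contact-form templates render submitted fields. Separately, `loggerFunction: logger.error` passes the method unbound; if `./lib/logger` relies on `this`, use `loggerFunction: (...args) => logger.error(...args),` instead. The route handlers and the rest of app.js are outside this section and were not reviewed.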


+ 2
- 1
package.json View File

@@ -32,6 +32,7 @@
"version": "3.3.1"
},
"dependencies": {
"@risingstack/protect": "^1.0.0",
"async": "^2.0.1",
"body-parser": "~1.15.1",
"compression": "^1.6.2",
@@ -77,4 +78,4 @@
"eslint-plugin-promise": "3.5.0",
"eslint-plugin-standard": "2.1.0"
}
}
}

+ 13
- 5
yarn.lock View File

@@ -2,6 +2,12 @@
# yarn lockfile v1


"@risingstack/protect@^1.0.0":
version "1.0.0"
resolved "https://registry.yarnpkg.com/@risingstack/protect/-/protect-1.0.0.tgz#5dbc217a8158c3b3bfa01dce3ad41ed90ac1abc9"
dependencies:
debug "2.6.6"

JSONStream@^1.0.7:
version "1.3.1"
resolved "https://registry.yarnpkg.com/JSONStream/-/JSONStream-1.3.1.tgz#707f761e01dae9e16f1bcf93703b78c70966579a"
@@ -839,6 +845,12 @@ debug@2.6.3:
dependencies:
ms "0.7.2"

debug@2.6.6:
version "2.6.6"
resolved "https://registry.yarnpkg.com/debug/-/debug-2.6.6.tgz#a9fa6fbe9ca43cf1e79f73b75c0189cbb7d6db5a"
dependencies:
ms "0.7.3"

debug@~2.2.0:
version "2.2.0"
resolved "https://registry.yarnpkg.com/debug/-/debug-2.2.0.tgz#f87057e995b1a1f6ae6a4960664137bc56f039da"
@@ -969,11 +981,7 @@ dom-walk@^0.1.0:
version "0.1.1"
resolved "https://registry.yarnpkg.com/dom-walk/-/dom-walk-0.1.1.tgz#672226dc74c8f799ad35307df936aba11acd6018"

domelementtype@1:
version "1.3.0"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.3.0.tgz#b17aed82e8ab59e52dd9c19b1756e0fc187204c2"

domelementtype@~1.1.1:
domelementtype@1, domelementtype@~1.1.1:
version "1.1.3"
resolved "https://registry.yarnpkg.com/domelementtype/-/domelementtype-1.1.3.tgz#bd28773e2642881aec51544924299c5cd822185b"


