@blocklet/xss 0.1.1

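--- a/package/LICENSE
+++ b/package/LICENSE
@@ -0,0 +1,13 @@
+Copyright 2018-2020 ArcBlock
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.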
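--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,52 @@
+# @blocklet/xss
+
+**@blocklet/xss** is a package that integrates the **xss** refer to the [official documentation](https://www.npmjs.com/package/xss).
+
+## Development
+
+### Install In Blocklet
+
+```
+# You can use npm / yarn
+pnpm add @blocklet/xss
+```
+
+### Install Dependencies
+
+To install the required dependencies, run the following command:
+
+```
+pnpm i
+```
+
+### Build Packages
+
+To build the packages, execute the following command:
+
+```
+pnpm build
+```
+
+### Build, Watch, and Run Development Server
+
+For building, watching changes, and running the development server, use the following command:
+
+```
+pnpm run dev
+```
+
+## Example
+
+```jsx
+const { xss } = require('@blocklet/xss');
+const express = require('express');
+
+const app = express();
+// ---- body-parser ----
+
+app.use(xss());
+```
+
+## License
+
+This package is licensed under the MIT license.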
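--- a/package/es/index.d.ts
+++ b/package/es/index.d.ts
@@ -0,0 +1,8 @@
+import { SanitizeOptions } from './types';
+export * from './utils';
+export declare function xss(options?: SanitizeOptions): (req: any, res: any, next: Function) => void;
+declare const _default: {
+xss: typeof xss;
+initSanitize: (_options?: SanitizeOptions) => any;
+};
+export default _default;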
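Review bot: `next: Function` in the middleware signature on line 3 of the file is the untyped `Function` type, which accepts any callable and tells callers nothing about how it is invoked; the implementation in es/index.js only ever calls `next()` with no arguments, so `next: (err?: unknown) => void` pins that contract and is what a `strict` consumer would expect. It would also be worth a TSDoc line on `xss` stating that the returned middleware rewrites `req.body`, `req.params`, `req.headers` and `req.query` in place and never touches `res`, since neither `any` parameter conveys that. The same declaration is duplicated verbatim in package/lib/index.d.ts.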
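--- a/package/es/index.js
+++ b/package/es/index.js
@@ -0,0 +1,17 @@
+import { initSanitize } from "./utils.js";
+export * from "./utils.js";
+export function xss(options = {}) {
+const sanitize = initSanitize(options);
+return (req, res, next) => {
+["body", "params", "headers", "query"].forEach((k) => {
+if (req[k]) {
+req[k] = sanitize(req[k]);
+}
+});
+next();
+};
+}
+export default {
+xss,
+initSanitize
+};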
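Review bot: The field list `["body", "params", "headers", "query"]` on line 6 is hard-coded, so every request header — `cookie`, `authorization`, `content-type` included — is passed through the HTML filter and rewritten on `req.headers` in place before any downstream code reads it; with `escapeHtml` set to identity in utils.js this only alters values containing tag-like sequences, but it is an easy place for a surprising rewrite and callers cannot opt out. Making the list an option, e.g. `const fields = options.fields ?? ["body", "params", "headers", "query"];` (a constructed name), and stating the default in the README would let a deployment exclude headers. Note also that with `app.use(xss())` as the README shows, `req.params` is presumably still the empty object at that point in Express 4, since route parameters are populated when a route layer matches, so the `params` entry only has an effect for route-level mounts — worth a comment on line 6. package/lib/index.js is the CommonJS build of the same function and shares these points.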
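--- a/package/es/types.d.ts
+++ b/package/es/types.d.ts
@@ -0,0 +1,4 @@
+import * as xss from 'xss';
+export interface SanitizeOptions extends xss.IFilterXSSOptions {
+allowedKeys?: string[];
+}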
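Review bot: `allowedKeys` on line 3 has no documentation, and its semantics in utils.js are not the obvious ones: the check `options?.allowedKeys?.includes(key)` runs inside the recursive `sanitize`, so a listed name is skipped at every nesting depth of body/query/params/headers, not only at the top level, and the whole subtree under a matched key is left unsanitized. A TSDoc comment such as `/** Property names whose values are left unsanitized; matched by name at any nesting depth, and the entire subtree beneath a match is skipped. */` would make that visible to callers. It also deserves a note that, although the interface extends `xss.IFilterXSSOptions`, `initSanitize` currently forwards only `whiteList` from the caller, so the other inherited options type-check but are ignored. The same file is shipped as package/lib/types.d.ts.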
package/es/types.js ADDED
File without changes
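--- a/package/es/utils.d.ts
+++ b/package/es/utils.d.ts
@@ -0,0 +1,2 @@
+import { SanitizeOptions } from './types';
+export declare const initSanitize: (_options?: SanitizeOptions) => any;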
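Review bot: The `any` return type on `initSanitize` (line 2) erases what the sanitizer actually guarantees: the function built in utils.js returns a string for a string input, a new array for an array, the same (mutated) object for an object, and passes any other value through unchanged. `export declare const initSanitize: (_options?: SanitizeOptions) => <T>(data: T) => T;` captures that and keeps callers type-checked instead of leaking `any` into their code. The same declaration appears in package/lib/utils.d.ts.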
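--- a/package/es/utils.js
+++ b/package/es/utils.js
@@ -0,0 +1,59 @@
+import * as xss from "xss";
+let defaultOptions = {
+escapeHtml: (str) => str,
+stripIgnoreTag: true,
+stripIgnoreTagBody: ["script"]
+};
+function hasOwn(object, key) {
+const keys = Reflect.ownKeys(object).filter((item) => typeof item !== "symbol");
+return keys.includes(key);
+}
+const initializeOptions = (options) => {
+const sanitizerOptions = {};
+if (hasOwn(options, "allowedKeys") && Array.isArray(options.allowedKeys) && options.allowedKeys.length > 0) {
+sanitizerOptions.allowedKeys = options.allowedKeys;
+}
+if (hasOwn(options, "whiteList") && typeof options.whiteList === "object") {
+sanitizerOptions.whiteList = options.whiteList;
+}
+return sanitizerOptions;
+};
+export const initSanitize = (_options = {}) => {
+const options = {
+...defaultOptions,
+...initializeOptions(_options)
+};
+const xssInstance = new xss.FilterXSS(options);
+const sanitize = (data) => {
+if (typeof data === "string") {
+return xssInstance.process(data);
+}
+if (Array.isArray(data)) {
+return data.map((item) => {
+if (typeof item === "string") {
+return xssInstance.process(item);
+}
+if (Array.isArray(item) || typeof item === "object") {
+return sanitize(item);
+}
+return item;
+});
+}
+if (typeof data === "object" && data !== null) {
+Object.keys(data).forEach((key) => {
+if (options?.allowedKeys?.includes(key)) {
+return;
+}
+const item = data[key];
+if (typeof item === "string") {
+data[key] = xssInstance.process(item);
+} else if (Array.isArray(item) || typeof item === "object") {
+data[key] = sanitize(item);
+}
+});
+}
+return data;
+};
+console.info("sanitize ready:", options);
+return sanitize;
+};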
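Review bot: `initializeOptions` (lines 11–20) copies only `allowedKeys` and `whiteList` out of the caller's options, so every other `xss.IFilterXSSOptions` field that the `SanitizeOptions` type advertises (`onTag`, `onIgnoreTagAttr`, `css`, `stripIgnoreTagBody`, `escapeHtml`, …) is silently dropped and the defaults on lines 2–6 always win. If that restriction is deliberate, narrow the declared type to `Pick<xss.IFilterXSSOptions, 'whiteList'> & { allowedKeys?: string[] }` so callers are told; otherwise spread the remaining caller fields after `defaultOptions` so they take effect. Two smaller points: `console.info("sanitize ready:", options)` on line 57 writes the full option object, including any caller-supplied whiteList, to stdout on every `initSanitize` call and belongs behind a debug flag or should go, and `hasOwn` calls `Reflect.ownKeys(object)`, which throws a TypeError for a non-object argument such as `initSanitize(null)` because the `= {}` default only covers `undefined`. The `escapeHtml: (str) => str` default on line 3 also deserves a comment, since it turns off the library's escaping of text outside tags: the filter strips or ignores disallowed tags but leaves a bare `<` or `>` in plain text untouched, which callers rendering the result as HTML need to know. package/lib/utils.js is the CommonJS build of this same source and shares all of these points.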
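--- a/package/lib/index.d.ts
+++ b/package/lib/index.d.ts
@@ -0,0 +1,8 @@
+import { SanitizeOptions } from './types';
+export * from './utils';
+export declare function xss(options?: SanitizeOptions): (req: any, res: any, next: Function) => void;
+declare const _default: {
+xss: typeof xss;
+initSanitize: (_options?: SanitizeOptions) => any;
+};
+export default _default;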
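--- a/package/lib/index.js
+++ b/package/lib/index.js
@@ -0,0 +1,37 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+var _exportNames = {
+xss: true
+};
+
+exports.xss = xss;
+var _utils = require("./utils");
+Object.keys(_utils).forEach(function (key) {
+if (key === "default" || key === "__esModule") return;
+if (Object.prototype.hasOwnProperty.call(_exportNames, key)) return;
+if (key in exports && exports[key] === _utils[key]) return;
+Object.defineProperty(exports, key, {
+enumerable: true,
+get: function () {
+return _utils[key];
+}
+});
+});
+function xss(options = {}) {
+const sanitize = (0, _utils.initSanitize)(options);
+return (req, res, next) => {
+["body", "params", "headers", "query"].forEach(k => {
+if (req[k]) {
+req[k] = sanitize(req[k]);
+}
+});
+next();
+};
+}
+module.exports = {
+xss,
+initSanitize: _utils.initSanitize
+};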
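--- a/package/lib/types.d.ts
+++ b/package/lib/types.d.ts
@@ -0,0 +1,4 @@
+import * as xss from 'xss';
+export interface SanitizeOptions extends xss.IFilterXSSOptions {
+allowedKeys?: string[];
+}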
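--- a/package/lib/types.js
+++ b/package/lib/types.js
@@ -0,0 +1 @@
+"use strict";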
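--- a/package/lib/utils.d.ts
+++ b/package/lib/utils.d.ts
@@ -0,0 +1,2 @@
+import { SanitizeOptions } from './types';
+export declare const initSanitize: (_options?: SanitizeOptions) => any;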
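--- a/package/lib/utils.js
+++ b/package/lib/utils.js
@@ -0,0 +1,68 @@
+"use strict";
+
+Object.defineProperty(exports, "__esModule", {
+value: true
+});
+exports.initSanitize = void 0;
+var xss = _interopRequireWildcard(require("xss"));
+function _getRequireWildcardCache(e) { if ("function" != typeof WeakMap) return null; var r = new WeakMap(), t = new WeakMap(); return (_getRequireWildcardCache = function (e) { return e ? t : r; })(e); }
+function _interopRequireWildcard(e, r) { if (!r && e && e.__esModule) return e; if (null === e || "object" != typeof e && "function" != typeof e) return { default: e }; var t = _getRequireWildcardCache(r); if (t && t.has(e)) return t.get(e); var n = { __proto__: null }, a = Object.defineProperty && Object.getOwnPropertyDescriptor; for (var u in e) if ("default" !== u && Object.prototype.hasOwnProperty.call(e, u)) { var i = a ? Object.getOwnPropertyDescriptor(e, u) : null; i && (i.get || i.set) ? Object.defineProperty(n, u, i) : n[u] = e[u]; } return n.default = e, t && t.set(e, n), n; }
+let defaultOptions = {
+escapeHtml: str => str,
+stripIgnoreTag: true,
+stripIgnoreTagBody: ["script"]
+};
+function hasOwn(object, key) {
+const keys = Reflect.ownKeys(object).filter(item => typeof item !== "symbol");
+return keys.includes(key);
+}
+const initializeOptions = options => {
+const sanitizerOptions = {};
+if (hasOwn(options, "allowedKeys") && Array.isArray(options.allowedKeys) && options.allowedKeys.length > 0) {
+sanitizerOptions.allowedKeys = options.allowedKeys;
+}
+if (hasOwn(options, "whiteList") && typeof options.whiteList === "object") {
+sanitizerOptions.whiteList = options.whiteList;
+}
+return sanitizerOptions;
+};
+const initSanitize = (_options = {}) => {
+const options = {
+...defaultOptions,
+...initializeOptions(_options)
+};
+const xssInstance = new xss.FilterXSS(options);
+const sanitize = data => {
+if (typeof data === "string") {
+return xssInstance.process(data);
+}
+if (Array.isArray(data)) {
+return data.map(item => {
+if (typeof item === "string") {
+return xssInstance.process(item);
+}
+if (Array.isArray(item) || typeof item === "object") {
+return sanitize(item);
+}
+return item;
+});
+}
+if (typeof data === "object" && data !== null) {
+Object.keys(data).forEach(key => {
+if (options?.allowedKeys?.includes(key)) {
+return;
+}
+const item = data[key];
+if (typeof item === "string") {
+data[key] = xssInstance.process(item);
+} else if (Array.isArray(item) || typeof item === "object") {
+data[key] = sanitize(item);
+}
+});
+}
+return data;
+};
+console.info("sanitize ready:", options);
+return sanitize;
+};
+exports.initSanitize = initSanitize;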
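--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,59 @@
+{
+"name": "@blocklet/xss",
+"version": "0.1.1",
+"description": "blocklet prevent xss attack",
+"publishConfig": {
+"access": "public"
+},
+"sideEffects": false,
+"exports": {
+".": {
+"require": "./lib/index.js",
+"import": "./es/index.js",
+"types": "./lib/index.d.ts"
+}
+},
+"main": "./lib/index.js",
+"module": "./es/index.js",
+"types": "./lib/index.d.ts",
+"files": [
+"lib",
+"es",
+"*.d.ts"
+],
+"keywords": [
+"blocklet",
+"xss"
+],
+"author": "arcblock <blocklet@arcblock.io> https://github.com/blocklet",
+"license": "MIT",
+"dependencies": {
+"xss": "^1.0.14"
+},
+"devDependencies": {
+"@arcblock/eslint-config-ts": "^0.2.4",
+"@types/chai": "^4.3.17",
+"@types/mocha": "^10.0.7",
+"@types/supertest": "^6.0.2",
+"body-parser": "^1.20.2",
+"chai": "^5.1.1",
+"eslint": "^8.57.0",
+"esm": "^3.2.25",
+"express": "^4.19.2",
+"mocha": "^10.7.3",
+"supertest": "^7.0.0",
+"ts-node": "^10.9.2",
+"typescript": "^5.4.5",
+"unbuild": "^2.0.0"
+},
+"scripts": {
+"coverage": "pnpm test -- --coverage",
+"build": "unbuild",
+"build:watch": "npx nodemon --ext 'ts,tsx,json,js,jsx' --exec 'pnpm run build' --ignore 'lib/*' --ignore 'es/*' ",
+"dev": "pnpm run build:watch",
+"prepublish": "pnpm run build",
+"prebuild:dep": "pnpm run build",
+"preversion": "npm run lint && npm run test",
+"test": "mocha"
+}
+}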
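Review bot: `"license": "MIT"` on line 29 contradicts the bundled package/LICENSE, which is the Apache License 2.0 text, while README.md also says MIT; the three should be aligned before the next publish, since consumers' license scanners and compliance tooling read this field rather than the file. A smaller point on lines 10–14: in the `exports` map the `"types"` condition is listed after `"require"` and `"import"`, whereas TypeScript's documented convention is to put `"types"` first because conditions are matched in order; it presumably still resolves here only because the `.d.ts` files sit beside the `.js` files. Also, `"preversion"` runs `npm run lint` but no `lint` script is defined in this file, so `npm version` would fail unless the script is inherited from a workspace root.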