random length HTML comments to mitigate BREACH attacks
JavaScript
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Failed to load latest commit information.
example
test
.gitignore
.travis.yml
LICENSE.txt
README.md
index.js
package.json

README.md

BREACH helper for Node

npm version build status

One way to protect yourself against the BREACH attack is to add random-length comments to your HTML. This little module helps with that!

It's inspired by breach-mitigation-rails.

Usage with Express

After installing with npm install breach-helper, add this to your app code:

app.locals.breachHelper = require('breach-helper');

Now, the function breachHelper will be available to all your views.

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage with Hapi

After installing with npm install breach-helper, add the breachHelper property when you render things:

var breachHelper = require('breach-helper');

// ...

server.route({
  method: 'GET', path: '/',
  handler: function(req, reply) {
    reply.view('index', {
      breachHelper: breachHelper
    });
  }
});

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage elsewhere

This module just exports one function. That function returns a string that's a variable-length HTML comment. If you want to use this in another context, you can use that function!

var breachHelper = require('breach-helper');
breachHelper(); // "<!--ABCD420...-->"
breachHelper(); // "<!--69XYZZY...-->"

Enjoy.