Skip to content
master
Go to file
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

README.md

BREACH helper for Node

npm version build status

One way to protect yourself against the BREACH attack is to add random-length comments to your HTML. This little module helps with that!

It's inspired by breach-mitigation-rails.

Usage with Express

After installing with npm install breach-helper, add this to your app code:

app.locals.breachHelper = require('breach-helper');

Now, the function breachHelper will be available to all your views.

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage with Hapi

After installing with npm install breach-helper, add the breachHelper property when you render things:

var breachHelper = require('breach-helper');

// ...

server.route({
  method: 'GET', path: '/',
  handler: function(req, reply) {
    reply.view('index', {
      breachHelper: breachHelper
    });
  }
});

To use it with Jade, put this somewhere in your HTML:

!= breachHelper()

To use it with EJS, put this somewhere in your HTML:

<%- breachHelper() %>

Usage elsewhere

This module just exports one function. That function returns a string that's a variable-length HTML comment. If you want to use this in another context, you can use that function!

var breachHelper = require('breach-helper');
breachHelper(); // "<!--ABCD420...-->"
breachHelper(); // "<!--69XYZZY...-->"

Enjoy.

About

random length HTML comments to mitigate BREACH attacks

Resources

License

Releases

No releases published
You can’t perform that action at this time.