Skip to content
This repository has been archived by the owner on Mar 10, 2019. It is now read-only.
/ express-json-hijack-prevention Public archive

ABANDONED! Help prevent JSON hijacking in Express.

License

MIT license
7 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

helmetjs/express-json-hijack-prevention

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

5 Commits
test
test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
index.js
index.js
 
 
package.json
package.json
 
 

Repository files navigation

JSON hijacking prevention for Express

This middleware adds res.safejson to help prevent JSON hijacking. You can read about JSON hijacking attacks here and here.

First, install it:

npm install express-json-hijack-prevention

Next, use it in your Express application:

var express = require('express');
var jsonHijackPrevention = require('express-json-hijack-prevention');

var app = express();

app.use(jsonHijackPrevention());

// Responds with this:
// while(1);{"numbers":[1,2,3]}
app.get('/response', function(req, res) {
  res.safejson({
    numbers: [1, 2, 3]
  });
});

When parsing these JSON responses, make sure to skip the prefix:

var parsed = JSON.parse(serverResponse.substr(9));

If you want to change the prefix:

app.use(jsonHijackPrevention({ prepend: "foo bar" }));

About

ABANDONED! Help prevent JSON hijacking in Express.

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

7 stars

Watchers

5 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages