Proactively protect your Node.js web services

Results 8 protect issues

I'm the maintainer of Helmet. I plan to release the next major version this Sunday, 2020-08-22. Is there anything I can do to help get this module upgraded to `helmet@4`?...

I found multiple XSS attack vectors that aren't caught by the `isXss` function: https://github.com/RisingStack/protect/blob/60b0c91e86686d34e5202419ce9ae7e8dc08edcd/lib/rules/xss.js#L4-L13

## tl;dr

Don't use regexes for sanitization of HTML but if you are, then at least...

Hello, I extracted your SQL injection detection as a dependency because I'm interested in using it out of the box and added more cases 🙂

Hi there, thanks for the library. This is more a question than an issue. How can I stop requests with SQL injection in the body of the request? app.use( protect.express.sqlInjection(...

I have a scenario where I want to limit a user by two things (for example, I want to limit by token and IP address) but rateLimiter always sets headers...

```javascript
const sql = new RegExp('w*((%27)|(\'))((%6F)|o|(%4F))((%72)|r|(%52))', 'i')
const sqlMeta = new RegExp('(%27)|(\')|(--)|(%23)|(#)', 'i')
const sqlMetaVersion2 = new RegExp('((%3D)|(=))[^\n]*((%27)|(\')|(--)|(%3B)|(;))', 'i')
const sqlUnion = new RegExp('((%27)|(\'))union', 'i')
```

1. The "sql"...