xss-clean

middleware to sanitize user input

Usage no npm install needed!

<script type="module">
  import xssClean from 'https://cdn.skypack.dev/xss-clean';
</script>

README

xss-clean

Build Status Coverage Status

Node.js Connect middleware to sanitize user input coming from POST body, GET queries, and url params. Works with Express, Restify, or any other Connect app.

How to Use

npm install xss-clean --save

var restify = require('restify')
var xss = require('xss-clean')

var app = restify.createServer()

app.use(restify.bodyParser())

/* make sure this comes before any routes */
app.use(xss())

app.listen(8080)

This will sanitize any data in req.body, req.query, and req.params. You can also access the API directly if you don't want to use as middleware.

var clean = require('xss-clean/lib/xss').clean

var cleaned = clean('<script></script>')
// will return "&lt;script>&lt;/script>"

Testing & Contributing

npm install
npm test

If you want to contribute or come across an issue that you know how to fix, just do it.