all files / esecurity/lib/middleware/ xss.js

100% Statements 12/12
100% Branches 6/6
100% Functions 2/2
100% Lines 11/11
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24                         
 
module.exports = function XssConstructor(opts) {
 
    opts = opts || {};
    opts.blockMode = opts.blockMode !== false;
    
    return function xss(req, res, next) {
        
        // self-awareness
        if (req._esecurity_xss)
            return next();
 
        req._esecurity_xss = true;
        
        var xssHeader = ['1'];
        
        if (opts.blockMode) xssHeader.push('mode=block');
        
        res.set('X-XSS-Protection', xssHeader.join(';'));
        
        return next();
    };
};