This repository has been archived by the owner on Mar 10, 2019. It is now read-only.

ABANDONED! Help prevent JSON hijacking in Express.


helmetjs/express-json-hijack-prevention


JSON hijacking prevention for Express

This middleware adds res.safejson to help prevent JSON hijacking. You can read about JSON hijacking attacks here and here.

First, install it:

npm install express-json-hijack-prevention

Next, use it in your Express application:

var express = require('express');
var jsonHijackPrevention = require('express-json-hijack-prevention');

var app = express();

app.use(jsonHijackPrevention());

// Responds with this:
// while(1);{"numbers":[1,2,3]}
app.get('/response', function(req, res) {
  res.safejson({
    numbers: [1, 2, 3]
  });
});

When parsing these JSON responses on the client, skip the prefix before calling JSON.parse (the default prefix, while(1);, is 9 characters long):

var parsed = JSON.parse(serverResponse.substr(9));

To change the prefix, pass the prepend option (clients must then skip that prefix's length instead of 9):

app.use(jsonHijackPrevention({ prepend: "foo bar" }));
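
The fixed offset in `substr(9)` only matches the default prefix, so it breaks as soon as `prepend` is changed or an endpoint answers with plain JSON. The following client-side parser is an added example, not code from this repository: `parseSafeJson` and the sample bodies are hypothetical names and constructed inputs that follow the response format shown above.

```javascript
// Default prefix, taken from the sample response in the README.
const DEFAULT_PREFIX = 'while(1);';

// Hypothetical helper (not part of express-json-hijack-prevention):
// verify the anti-hijacking prefix, strip it by its real length, then parse.
function parseSafeJson(body, prefix = DEFAULT_PREFIX) {
  if (typeof body !== 'string') {
    throw new TypeError('response body must be a string');
  }
  if (typeof prefix !== 'string' || prefix.length === 0) {
    throw new TypeError('prefix must be a non-empty string');
  }
  // A body without the prefix means the endpoint sent plain JSON
  // (or uses a different prepend value). Fail loudly instead of
  // slicing the first characters off real data.
  if (!body.startsWith(prefix)) {
    throw new Error('response is missing the expected prefix');
  }
  return JSON.parse(body.slice(prefix.length));
}

// Constructed sample bodies in the format the README documents.
const defaultBody = 'while(1);{"numbers":[1,2,3]}';
const customBody = 'foo bar{"numbers":[1,2,3]}';
const unprotectedBody = '{"numbers":[1,2,3]}';

// Run fn and report either its value or the error it raised.
function attempt(fn) {
  try {
    return { ok: true, value: fn() };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

function demo() {
  return {
    defaultPrefix: attempt(() => parseSafeJson(defaultBody)),
    customPrefix: attempt(() => parseSafeJson(customBody, 'foo bar')),
    // Plain JSON from an endpoint that skipped res.safejson is rejected.
    unprotected: attempt(() => parseSafeJson(unprotectedBody)),
    // The README's fixed offset of 9 applied to a 7-character prefix.
    fixedOffset: attempt(() => JSON.parse(customBody.slice(9))),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```
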
