jsonmaur / xss-clean Goto Github PK

@jsonmaur I'm contacting you here because I can't reach you on the now archived repo https://github.com/jsonmaur/xss-clean

I've just installed the latest xss-clean 0.1.3 and when I start my app, it doesn't find the lib folder in node_modules/xss-clean
Checked and I can only see package.json and README.md so there must have happened something wrong with the build process.

It would be good to un-archive it until these kinds of issues are ironed out.
I have reverted to the 7-year old 0.1.1 for the moment.

Thanks and sorry for opening an issue in this unrelated repo!

I am using this package as a middleware in Express and it works fine, but I am also using EditorJs as my rich text editor in front-end. My problem is that EditorJs generates an object which there is html in it, and I don't want to sanitize the incoming object of EditorJs. So I am asking if there is a way to exclude some fields (in my case it is "req.body.editorObj") from sanitizing process?

Hi @jsonmaur
I was having some issues integrating into typescript as the types are missing. I tried creating a xss-clean.d.ts file which did not help.

I ended up creating a custom middle ware and dumped your code to it with some changes like this. Is it ok for me to do this?

import { inHTMLData } from 'xss-filters';
import { RequestHandler, Request } from 'express';

const clean = (req: Request): Request => {
    if (req.body)
        req.body = JSON.parse(inHTMLData(JSON.stringify(req.body)).trim());
    if (req.query)
        req.query = JSON.parse(inHTMLData(JSON.stringify(req.query)).trim());
    if (req.params)
        req.params = JSON.parse(inHTMLData(JSON.stringify(req.params)).trim());

    return req;
};

const xss = (): RequestHandler => {
    return (req, _res, next) => {
        req = clean(req);
        next();
    };
};

export default xss;