tezx
Version:
TezX is a modern, ultra-lightweight, and high-performance JavaScript framework built specifically for Bun. It provides a minimal yet powerful API, seamless environment management, and a high-concurrency HTTP engine for building fast, scalable web applicat
45 lines (44 loc) • 1.46 kB
TypeScript
import { Context } from "../index.js";
import { Middleware } from "../types/index.js";
export type XSSProtectionOptions = {
/**
* 🟢 Whether to enable XSS protection
* @default true
* @example
* enabled: true // Always enable
* enabled: (ctx) => !ctx.isAdmin // Disable for admin routes
*/
enabled?: boolean | ((ctx: Context) => boolean);
/**
* 🔵 Protection mode to use
* @default "block"
* @example
* mode: "block" // Block the page if XSS detected
* mode: "filter" // Sanitize the page if XSS detected
*/
mode?: "block" | "filter";
/**
* 🟣 Fallback CSP for browsers without XSS protection
* @default "default-src 'self'; script-src 'self';"
* @example
* fallbackCSP: "default-src 'none'; script-src 'self' https://trusted.cdn.com"
*/
fallbackCSP?: string;
};
/**
* 🛡️ Middleware to set the X-XSS-Protection header and provide enhanced XSS mitigation
* @param options - Configuration options for XSS protection
* @returns Middleware function
*
* @example
* // Basic usage
* app.use(xssProtection());
*
* // Custom configuration
* app.use(xssProtection({
* mode: "filter",
* fallbackCSP: "default-src 'self'"
* }));
*/
declare const xssProtection: <T extends Record<string, any> = {}, Path extends string = any>(options?: XSSProtectionOptions) => Middleware<T, Path>;
export { xssProtection as default, xssProtection };