Elysia-xss NPM

Elysia XSS

A plugin for Elysia.js that provides XSS (Cross-Site Scripting) protection by sanitizing request body data.

Features

🛡️ Automatic XSS protection for request body data
🔄 Recursive sanitization of nested objects and arrays
🎯 Configurable scope options
🪶 Lightweight with minimal dependencies
🚀 Built for Elysia.js and Bun

Installation

bun add elysia-xss

Usage

import { Elysia } from 'elysia'
import { elysiaXSS } from 'elysia-xss'

const app = new Elysia()
    .use(elysiaXSS({}))
    .get("/", () => "Hello World!")
    .listen(3000)

Configuration

The plugin accepts a configuration object with the following options:

{
    as?: "global" | "scoped" | "local" // Default: "global"
}

Example with Configuration

import { Elysia } from 'elysia'
import { elysiaXSS } from 'elysia-xss'

const app = new Elysia()
    .use(elysiaXSS({ as: "scoped" }))
    .post("/submit", ({ body }) => {
        // body is automatically sanitized
        return { message: "Data received", data: body }
    })
    .listen(3000)

How it Works

The plugin automatically sanitizes all string values in the request body, including nested objects and arrays. It uses the xss package under the hood for sanitization.

Dependencies

Elysia - The web framework
xss - XSS sanitizer

License

MIT

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

elysia xss security sanitize xss-sanitize xss-protect xss-filter xss-protect-elysia elysia-xss elysia-plugin elysia-plugin-xss elysia-xss-plugin elysia-xss-protect bun

7 months ago

7 months ago

7 months ago

7 months ago