XSS Validator


This middleware works for both GET, POST methods and will throw an 400 Bad Request error when the either body or query params will contain unsecure code. Based on https://github.com/leizongmin/js-xss

It will help you solve this security problem.

export type XssValidator = {  whiteList: Record<string, any>;  stripIgnoreTag: boolean;  stripIgnoreTagBody: boolean;  css: Record<string, any> | boolean;} | {};

To write a custom logic for this middleware follow this pattern:

nuxt.config.ts
export default defineNuxtConfig({  security: {    xssValidator: {      stripIgnoreTag: true      throwError: false, // optional    }  }})

Or use routeRules for per route configuration:

nuxt.config.ts
export default defineNuxtConfig({  routeRules: {    '/my-secret-route': {      security: {        xssValidator: {          stripIgnoreTag: true          throwError: false, // optional        }      }    }  }