JSPM

  • ESM via JSPM
  • ES Module Entrypoint
  • Export Map
  • Keywords
  • License
  • Repository URL
  • TypeScript Types
  • README
  • Created
  • Published
  • Downloads 108147
  • Score
    100M100P100Q160902F

Middleware for IE security. Set X-Download-Options to noopen.

Package Exports

  • ienoopen

This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (ienoopen) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.

Readme

IE, restrict untrusted HTML

This middleware sets the X-Download-Options header to noopen to prevent IE users from executing downloads in your site's context.

var ienoopen = require('ienoopen');
app.use(ienoopen());

Some web applications will serve untrusted HTML for download. By default, some versions of IE will allow you to open those HTML files in the context of your site, which means that an untrusted HTML page could start doing bad things in the context of your pages. For more, see this MSDN blog post.

This is pretty obscure, fixing a small bug on IE only. No real drawbacks other than performance/bandwidth of setting the headers, though.