-
### Community Note
* Please vote on this issue by adding a 👍 [reaction](https://blog.github.com/2016-03-10-add-reactions-to-pull-requests-issues-and-comments/) to the original issue to help the commu…
-
As mentioned in this post:
https://blog.hasura.io/best-practices-of-using-jwt-with-graphql
> Persisting JWT token in localstorage (prone to XSS) < Persisting JWT token in an HttpOnly cookie (prone…
-
A primary goal of CSP is to mitigate and report XSS attacks. XSS attacks exploit the browser's trust of the content received from the server. Malicious scripts are executed by the victim's browser bec…
-
The pros of using a cookie would be:
- Being able to render authenticated pages with SSR
- Protecting ourselves against XSS attacks trying to steal the token. Any script that runs on the page can ac…
-
I have a problem with the agent, because our company's vulnerability detection system reports that the HTTP daemon used by the FusionInventory agent does not use HTTP security headers (X-Frame-Options, X-XSS-Protectio…
-
1. SQL Injection and XSS: Ensure inputs are sanitized to prevent malicious attacks.
2. Permission Checks: Verify that unauthorized users cannot access restricted functionalities.
-
There is currently no input validation for user registration (or, honestly, anything that isn't automatically escaped by the pg_* functions). Users can register for an account with a username such as …
-
show a list of the last 10 questions
* warning: do provide some filter mechanism so that you're not showing any racist/sexist/.. comments on the site
* also be aware of XSS attacks
## Prerequireme…
-
**I'm submitting a ...** (check one with "x")
```
[x] bug report => search github for a similar issue or PR before submitting
[ ] feature request
[ ] support request => Please do not submit suppo…
```