-
### Issue Summary
The Department of Health in Hong Kong reported the following issue:
**Content Security Policy (CSP) Header Not Set**
```
Content Security Policy (CSP) is an added layer…
```
-
**Jodit Version:** 3.4.xxxxx
**Browser:** Chrome
**OS:** Windows
**Is React App:** True
**Code**
When embedding the script in WYSIWYG, it will work fine when you click on the prev…
-
The current yii framework has an XSS attack problem.
On the GigaDB website, when embedding the script in the URL, e.g.
I temporarily fixed it using the CHtmlPurifier [https://www.yiiframework.com/…]
-
Currently there is no validation of code that gets entered into the site. Add some validation.
-
Due to the eval() for calculation we can execute arbitrary javascript. Pretty useful.
-
This ticket focuses on implementing the client-side concern of leveling push notifications to the user through the browser. Safari and Chrome have push notification support.
## Stories and Use Cases
…
-
**`Severity Threshold: 🔵 MEDIUM`**
# 85 Potential vulnerability sources found within this repo
| `🔴 CRITICAL` | `🟡 HIGH` | `🔵 MEDIUM` | `⚪ LOW` |
|-|-|-|-|
| 0 | 28 | 57 | 0 |
**`ID: 01J53YX5GD6N7…
-
Type `alert('XSS')` into a form field and click submit.
This should not work.
[XSS (Cross Site Scripting) Prevention Cheat Sheet](https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Preven…
-
Reject any malicious content submitted to the API that can be exploited in front ends. Specifically, external and social URL values; also look at other model attributes that could contain vectors for exp…
-
Lighthouse says:
> A strong Content Security Policy (CSP) significantly reduces the risk of cross-site scripting (XSS) attacks