DA0-DA0 / dao-dao-ui

InterChain DAO tooling UI.
https://daodao.zone

Add a Content-Security-Policy #1169

Open elsehow opened 1 year ago

elsehow commented 1 year ago

A Content-Security-Policy helps mitigate cross-site scripting (XSS) attacks by specifying allowed origins for content like scripts and iframes.

Although we cannot specify trusted origins for all asset types (users are free to add images from any origin, for example), it may make sense to specify trusted origins for scripts and iframes.
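As an added example (not part of this issue or the dao-dao-ui code), a small policy evaluator that shows what a header in the spirit of the proposal would block and what it would still allow; the CDN and widget hosts in it are constructed placeholders, and the fallback chain is simplified to default-src only.

```javascript
// Added example, not DAO DAO code: a small evaluator for the kind of policy proposed above,
// to check which loads a header would allow. Simplified: a missing directive falls back to default-src only.
// Parse "directive src src; directive src" into a Map of directive -> [sources].
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [directive, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (directive) policy.set(directive.toLowerCase(), sources.map((s) => s.toLowerCase()));
  }
  return policy;
}
// Does one source expression match the URL? Handles 'none', 'self', *,
// scheme-only sources (https:), exact hosts and leading-wildcard hosts (*.example.com).
function sourceMatches(source, url, selfOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return url.origin === selfOrigin;
  if (source === '*') return true;
  if (source.endsWith(':')) return url.protocol === source;
  const [scheme, rest] = source.includes('://') ? source.split('://') : [null, source];
  if (scheme && url.protocol !== `${scheme}:`) return false;
  const host = rest.split('/')[0];
  return host.startsWith('*.') ? url.host.endsWith(host.slice(1)) : url.host === host;
}
// Would a load of `kind` ('script', 'frame', 'img', ...) from urlString be allowed?
// No matching directive and no default-src means the policy does not restrict that kind.
function isAllowed(header, kind, urlString, selfOrigin) {
  const policy = parseCsp(header);
  const sources = policy.get(`${kind}-src`) ?? policy.get('default-src');
  if (sources === undefined) return true;
  const url = new URL(urlString);
  return sources.some((s) => sourceMatches(s, url, selfOrigin));
}
// Constructed policy in the spirit of the proposal: restrict scripts and frames,
// leave img-src unset so user-supplied images from any origin still render.
// The CDN and widget hosts are placeholders, not real dependencies of the project.
const PROPOSED_CSP =
  "script-src 'self' https://cdn.example.com; frame-src 'self' https://*.widgets.example";
const SELF_ORIGIN = 'https://daodao.zone';
// Constructed sample loads: what the policy blocks versus what it still permits.
const CHECKS = [
  ['script', 'https://daodao.zone/_next/app.js'],
  ['script', 'https://untrusted.example/inject.js'],
  ['frame', 'https://embed.widgets.example/dao'],
  ['frame', 'https://untrusted.example/frame'],
  ['img', 'https://anywhere.example/logo.png'],
];
for (const [kind, url] of CHECKS) {
  console.log(`${kind.padEnd(6)} ${url} -> ${isAllowed(PROPOSED_CSP, kind, url, SELF_ORIGIN) ? 'allowed' : 'blocked'}`);
}
```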

JakeHartnell commented 11 months ago

@NoahSaso do we have this? Feel that React does a pretty good job of protecting against this.