hplush / slowreader

Web app to combine feeds from social networks and RSS and to help read more meaningful and deep content
https://dev.slowreader.app
GNU Affero General Public License v3.0
161 stars, 37 forks

Add CSP protection against XSS #189

Closed ai closed 6 months ago

ai commented 6 months ago

The Content-Security-Policy header will block any `<script>` in HTML that is not from the allow-list.
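The allow-list behaviour described in the issue, as an added example that is not part of the original issue or the project's code: a simplified model of how a browser decides whether a `<script>` may run under a `script-src` policy. The policy, hosts, nonce and function names are assumptions made for illustration.

```javascript
// Simplified model of how a browser applies a CSP script allow-list.
// Not modelled: paths, ports, wildcards, hashes, 'strict-dynamic'.

// Parse "name v1 v2; name v1" into a Map of directive -> source list.
function parseCsp(header) {
  const directives = new Map()
  for (const part of header.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/)
    // A repeated directive is ignored: the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), values)
    }
  }
  return directives
}

// script: { src } for an external script, { nonce } (optional) for its nonce attribute.
function isScriptAllowed(header, pageOrigin, script) {
  const directives = parseCsp(header)
  // script-src falls back to default-src; with neither, scripts are unrestricted.
  const sources = directives.get('script-src') ?? directives.get('default-src')
  if (!sources) return true
  // A matching nonce allows both inline and external scripts.
  if (script.nonce && sources.includes(`'nonce-${script.nonce}'`)) return true
  if (script.src) {
    const origin = new URL(script.src, pageOrigin).origin
    return sources.some(s => (s === "'self'" ? origin === pageOrigin : s === origin))
  }
  // Inline without a valid nonce: 'unsafe-inline' counts only if the policy has no nonce.
  const policyHasNonce = sources.some(s => s.startsWith("'nonce-"))
  return !policyHasNonce && sources.includes("'unsafe-inline'")
}

function blockedScripts(header, pageOrigin, scripts) {
  return scripts.filter(s => !isScriptAllowed(header, pageOrigin, s))
}

// Constructed sample input (hypothetical hosts and nonce, not Slow Reader's policy).
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example 'nonce-r4nd0m'"
const PAGE = 'https://app.example'
const SCRIPTS = [
  { src: '/main.js' },                        // same origin
  { src: 'https://cdn.example/lib.js' },      // allow-listed host
  { src: 'https://untrusted.example/x.js' },  // host not on the allow-list
  { nonce: 'r4nd0m' },                        // inline, carries the page's nonce
  {}                                          // inline without a nonce, e.g. injected markup
]
console.log(blockedScripts(POLICY, PAGE, SCRIPTS))
```

Adding `'unsafe-inline'` alongside a nonce does not re-enable injected inline scripts, which is why the last sample entry stays blocked under this model.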