g-k
commented
7 years ago I can pick this up if no one is working on it.
Closed g-k closed 7 years ago
g-k
commented
7 years ago I can pick this up if no one is working on it.
jaredlockhart
commented
7 years ago Fixed by #303
Adding a CSP header would provide a backstop to mitigate XSS.
https://developer.mozilla.org/en-US/docs/Web/Security/CSP https://wiki.mozilla.org/Security/CSP
https://observatory.mozilla.org/analyze.html?host=location-leaderboard.services.mozilla.com