nunocoracao / blowfish

Personal Website & Blog Theme for Hugo
https://blowfish.page
MIT License

Remove inline script and inline style #705

Closed d4rklynk closed 1 year ago

d4rklynk commented 1 year ago

Describe the bug

Hi, there's a lot of inline script and inline style, and they should be removed (at least inline script) to avoid XSS attacks. Inline style should be avoided as much as possible.

Expected behavior

I'm not a dev so I only know theoretical solutions, like you should put the JS code and CSS code into appropriate files (JS and CSS files) instead of doing it directly in the HTML file.

Here are some techniques that will help you:

Additional context

I know it's a lot of work, I'm fully aware of that, but before the project gets bigger and bigger, it would be awesome to fix these issues before.

In my field (sysadmin), we try to block as much as possible inline script and inline style with Content Security Policies (CSP) when hosting websites. You can check the link (about CSP) to see how we block these and how to fix them.

Thanks in advance for your time.
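One way to see what such a policy would block, as an added example that is not part of the original issue or of the Blowfish code base: the script below scans rendered HTML for inline scripts, inline styles, `style=` attributes and `on*` handlers, which a policy such as `script-src 'self'; style-src 'self'` refuses, and prints the CSP `sha256-` source for each inline block. The `InlineAudit` class, the `audit` function and the sample page are assumptions constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser

class InlineAudit(HTMLParser):
    """Flag inline scripts, styles and handlers that a CSP without 'unsafe-inline' blocks."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []                  # (kind, detail) tuples
        self._open, self._buf = None, []    # tag name while inside an inline block

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in attrs:
            if name.startswith("on"):       # onclick=, onload=, ...
                self.findings.append(("event-handler", f"<{tag} {name}>"))
            elif name == "style":           # style="..." attribute
                self.findings.append(("style-attribute", f"<{tag}>"))
        if (tag == "script" and "src" not in attrs) or tag == "style":
            self._open, self._buf = tag, []

    def handle_data(self, data):
        if self._open:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == self._open:
            body = "".join(self._buf)
            # Hash source a CSP accepts when the block cannot be moved to a file.
            digest = base64.b64encode(hashlib.sha256(body.encode()).digest()).decode()
            self.findings.append((f"inline-{tag}", f"'sha256-{digest}'"))
            self._open = None

def audit(html):
    parser = InlineAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page, not taken from the Blowfish theme.
SAMPLE = """<html><head>
<style>body{margin:0}</style>
<script src="/js/app.js"></script>
<script>console.log("hi")</script>
</head><body onload="init()"><p style="color:red">x</p></body></html>"""

if __name__ == "__main__":
    for kind, detail in audit(SAMPLE):
        print(f"{kind:16} {detail}")
```

An empty result means the page can be served under the strict policy unchanged; hashes apply only to `<script>` and `<style>` blocks, so handlers and `style=` attributes still have to be moved into external files.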

nunocoracao commented 1 year ago

Closing this as it's not a specific bug or enhancement