bleonar5
commented
7 months ago - The app should encrypt all traffic to the app with HTTPS.
- The app should encode all rendered output to prevent XSS vulnerabilities. As far as I understand, using jsx should be able to cover this requirement.
- Make sure all JSONs are rendered as strings.
- Explicitly set character sets (utf-8) to prevent decoding attacks
- Whitelist allowed sources for script and style, only allow imports from app origin