psych-ds / psychds-validator
Validator tools for the psych-DS specification
Security Concerns #22
Open
bleonar5 opened 7 months ago
bleonar5 commented 7 months ago
The app should encrypt all traffic to the app with HTTPS.
The app should encode all rendered output to prevent XSS vulnerabilities. As far as I understand, using JSX should be able to cover this requirement.
Make sure all JSONs are rendered as strings.
Explicitly set character sets (utf-8) to prevent decoding attacks.
Whitelist allowed sources for script and style; only allow imports from the app origin.
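
One way to check a deployment against the header-level items in the list above (HTTPS, an explicit UTF-8 charset, script and style sources limited to the app origin), as an added example that is not part of the issue or of the psychds-validator code base. The function names, the `validator.example` host and the sample headers are constructed for illustration.

```javascript
// Added example: audit response headers against this issue's checklist.
// Header names are standard HTTP; function names and inputs are constructed.

// Parse a Content-Security-Policy value into { directive: [sources] }.
function parseCsp(value) {
  const policy = Object.create(null);
  for (const part of (value || "").split(";")) {
    const [rawName, ...sources] = part.trim().split(/\s+/);
    const name = rawName.toLowerCase();
    // A repeated directive is ignored by browsers, so the first one wins.
    if (name && !(name in policy)) policy[name] = sources;
  }
  return policy;
}

// Sources that apply to a directive, falling back to default-src as browsers do.
function effectiveSources(policy, directive) {
  return policy[directive] || policy["default-src"] || null;
}

// Return a list of findings; an empty list means every checked item passed.
function auditHeaders(url, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const findings = [];

  if (new URL(url).protocol !== "https:") findings.push("not served over HTTPS");

  if (!/;\s*charset\s*=\s*"?utf-8"?\s*(;|$)/i.test(h["content-type"] || ""))
    findings.push("Content-Type does not declare charset=utf-8");

  const policy = parseCsp(h["content-security-policy"]);
  for (const directive of ["script-src", "style-src"]) {
    const sources = effectiveSources(policy, directive);
    if (sources === null) {
      findings.push(`${directive} is unrestricted (no CSP directive applies)`);
      continue;
    }
    // Anything other than 'self' or 'none' widens the policy beyond app origin.
    const extra = sources.filter((s) => s !== "'self'" && s !== "'none'");
    if (extra.length)
      findings.push(`${directive} allows more than app origin: ${extra.join(" ")}`);
  }
  return findings;
}
```
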