Fix security csp#12
Open
tonglynn wants to merge 23 commits intosptin2002:masterfrom
Open
Conversation
add Improve tests and codecov
Merge Student B i18n changes: add English, Chinese, and Japanese language selector.
Fixed the XSS cross-site scripting attack vulnerability.
Optimized the budget.js
Updated to the version that has fixed XSS issues
Update budget.test.js
fix: add budget entry input validation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I added a strict Content-Security-Policy meta tag in the index.html header to restrict external resource loading.
Lighthouse flagged the absence of a CSP as a high-severity security vulnerability. According to OWASP and IEEE security guidelines, without CSP, the application is highly vulnerable to Cross-Site Scripting (XSS) attacks.
Modified the tag in index.html to include: