Security
httpjamesm edited this page Dec 29, 2022
AnonymousOverflow takes security seriously and uses multiple redundant measures to prevent XSS attacks on the client.
- A templating engine is used for many variables; it automatically sanitizes them and prevents any rogue code from being executed.
- Many variables are internally sanitized with Go's `html.EscapeString()` API when being served directly to the client.
- Strict XSS prevention headers are sent to the client on every non-static file request.
- A CSP is added on every page that denies all scripts from running, first-party or otherwise, and defaults to `none`, preventing third-party connections, iframe attacks, inline attacks, etc.
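The following is an added example that illustrates the three layers listed above in Go; it is not code from the AnonymousOverflow repository. The template, the `Question` type, the header values, and the `/static/` path prefix used to skip the headers are all assumptions made for the example: the page names `html.EscapeString()` and a `default-src 'none'` style CSP, but not the exact header set or static path layout.

```go
package main

import (
	"fmt"
	"html"
	"html/template"
	"net/http"
	"strings"
)

// Question holds untrusted text fetched from an upstream site (hypothetical type).
type Question struct {
	Title string
	Body  string
}

// page is a hypothetical template. html/template escapes {{.X}} values
// contextually, so markup inside Title or Body is rendered as text.
var page = template.Must(template.New("question").Parse(
	`<h1>{{.Title}}</h1><p>{{.Body}}</p>`))

// RenderQuestion is layer 1: values pass through the auto-escaping template.
func RenderQuestion(q Question) (string, error) {
	var sb strings.Builder
	if err := page.Execute(&sb, q); err != nil {
		return "", err
	}
	return sb.String(), nil
}

// EscapeForDirectWrite is layer 2: for values written straight to the
// response (outside any template), escape with html.EscapeString first.
func EscapeForDirectWrite(s string) string {
	return html.EscapeString(s)
}

// SecurityHeaders is layer 3: the header set applied to non-static
// responses. Values here are assumptions for the example; the CSP uses
// default-src 'none' so scripts, frames and third-party loads are refused
// unless a directive explicitly allows them.
func SecurityHeaders() map[string]string {
	return map[string]string{
		"Content-Security-Policy": "default-src 'none'; img-src 'self'; style-src 'self'; form-action 'self'",
		"X-Content-Type-Options":  "nosniff",
		"X-Frame-Options":         "DENY",
		"Referrer-Policy":         "no-referrer",
	}
}

// IsStaticPath reports whether a request is for a static asset.
// The "/static/" prefix is an assumption, not the project's real layout.
func IsStaticPath(p string) bool {
	return strings.HasPrefix(p, "/static/")
}

// ApplySecurityHeaders sets the headers on h unless the request path is static.
func ApplySecurityHeaders(h http.Header, path string) {
	if IsStaticPath(path) {
		return
	}
	for k, v := range SecurityHeaders() {
		h.Set(k, v)
	}
}

// WithSecurityHeaders wraps any handler so every non-static response carries the headers.
func WithSecurityHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ApplySecurityHeaders(w.Header(), r.URL.Path)
		next.ServeHTTP(w, r)
	})
}

func main() {
	// Constructed sample input containing a script tag, to show the escaping.
	q := Question{Title: "Hi", Body: "<script>alert(1)</script>"}
	out, err := RenderQuestion(q)
	if err != nil {
		panic(err)
	}
	fmt.Println(out)
	fmt.Println(EscapeForDirectWrite(`<b onclick="x">bold</b>`))

	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html; charset=utf-8")
		fmt.Fprint(w, out)
	})
	// Listening is optional for the demonstration; uncomment to serve locally.
	// http.ListenAndServe("127.0.0.1:8080", WithSecurityHeaders(mux))
	_ = WithSecurityHeaders(mux)
}
```

The two escaping layers are redundant on purpose: a value that reaches the client through the template is escaped by `html/template`, and a value that bypasses the template is escaped explicitly, so a refactor that moves a variable from one path to the other does not silently reintroduce injection. The CSP is the backstop if both fail.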