Enhancement: Nonce generation for Content Security Policy (CSP)
danmx opened this issue · 1 comments
danmx commented
Supporting nonce generation for Content Security Policy (CSP) HTTP header would greatly help boost defence against content injection.
mufeedvh commented
Hey @danmx, that's a good feature but it isn't required in our case because binserve is completely static and no user input can be injected or received. The template variables can be used as an input with external scripts to update it but those are escaped by Handlebars which prevents the possibilities for XSS and Content Injection. 👍