mufeedvh/binserve

Enhancement: Nonce generation for Content Security Policy (CSP)

danmx opened this issue · 1 comments

danmx commented

Supporting nonce generation for Content Security Policy (CSP) HTTP header would greatly help boost defence against content injection.

Hey @danmx, that's a good feature but it isn't required in our case because binserve is completely static and no user input can be injected or received. The template variables can be used as an input with external scripts to update it but those are escaped by Handlebars which prevents the possibilities for XSS and Content Injection. 👍