scorecard-webapp

XSS protection when displaying repo data

Open laurentsimon opened this issue 3 years ago • 0 comments

This is just a placeholder issue to keep track of the way we'll sanitize the scorecard results (data from repos is considered untrusted). I think this will be a combination of input sanitization, CSP and frame sandbox attributes. Depends very much on the web framework we use. Need to explore a little more.

To keep in mind during design.

laurentsimon, Jan 21 '22 18:01