Simon Bennetts

Results 566 comments of Simon Bennetts
FYI I've been chatting to @jokrhub about this, and will manually override the DCO check :)

Just added https://github.com/zaproxy/zap-hud/wiki/Security @dscrobonia @thc202 @kingthorin is that enough to close this issue?

Have updated to state the default settings are safe but can be updated via the API Options Screen (which is linked to). Will try the HUD via docker asap -...

Added https://github.com/zaproxy/zap-hud/wiki/Using-the-HUD-with-ZAP-in-Docker and linked to it :D

For ref the related Firefox bug is: https://bugzilla.mozilla.org/show_bug.cgi?id=1438945 and the good news is that it looks like it should be fixed soon.

So https://bugzilla.mozilla.org/show_bug.cgi?id=1438945 says it's fixed in Firefox 65 - we should double check to see if this is all ok now...

The ZAP side of this should be implemented by #94

We do now have a dev mode for the HUD, but it might not yet support all of these features...

For info ZAP already optionally strips out CSP. The relevant code for this:
- https://github.com/zaproxy/zap-hud/blob/a6e0af1cc4e88a574c01ffa75736170bf27990fc/src/main/java/org/zaproxy/zap/extension/hud/HudParam.java#L95
- https://github.com/zaproxy/zap-hud/blob/6b2ab0b494951cf7bbd0f05db79e3c72715cb491/src/main/java/org/zaproxy/zap/extension/hud/OptionsHudPanel.java#L58
- https://github.com/zaproxy/zap-hud/blob/6b2ab0b494951cf7bbd0f05db79e3c72715cb491/src/main/java/org/zaproxy/zap/extension/hud/ExtensionHUD.java#L440

To fix this issue we'll need to do something similar.

Ok, the key line here is "No such file /target/injectionHtml.html". If that file's not available then the HUD _will_ fail. @faisalusuf - what value do you have in "Options /...