Add CSP require-trusted-types-for header #180

@acrosman

Summary
The two HTML files lack a require-trusted-types-for CSP directive. The overall application would be more secure with it.

Please describe the problem you are trying to solve.
ElectronNegativity uses Google CSP Evaluator which is currently flagging the lack of a require-trusted-types-for CSP directive.

Proposed Solution

  • Add require-trusted-types-for 'script' to the CSP headers of both files.
  • Update the render scripts to avoid directly setting innerHTML and other things that violate the header.
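
A check covering both items of the proposed solution, as an added example that is not part of the issue or the project's code. It assumes the CSP is delivered through a `<meta http-equiv>` tag; the sample markup, the sample render-script lines and all function names are constructed for illustration.

```javascript
// Constructed samples: the issue does not show the real HTML or render scripts.
const SAMPLE_HTML = `<html><head>
<meta http-equiv="Content-Security-Policy"
      content="default-src 'self'; script-src 'self'; object-src 'none'">
</head><body></body></html>`;
const SAMPLE_RENDER_JS = [
  "const list = document.getElementById('results');",
  "list.innerHTML = '<li>' + record.Name + '</li>';",
  "list.insertAdjacentHTML('beforeend', row);",
  "status.textContent = message;",
].join('\n');

// Policy strings from every CSP <meta> tag in the markup (assumed delivery method).
function extractMetaCsp(html) {
  const policies = [];
  for (const [tag] of html.matchAll(/<meta\b[^>]*>/gi)) {
    if (!/http-equiv\s*=\s*["']?content-security-policy\b/i.test(tag)) continue;
    const m = tag.match(/\bcontent\s*=\s*"([^"]*)"/i) || tag.match(/\bcontent\s*=\s*'([^']*)'/i);
    if (m) policies.push(m[1]);
  }
  return policies;
}

// Directive name -> values. A repeated directive is ignored, as in CSP parsing.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...values] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !directives.has(key)) directives.set(key, values);
  }
  return directives;
}

// True when any policy on the page carries require-trusted-types-for 'script'.
function enforcesTrustedTypes(html) {
  return extractMetaCsp(html).some((policy) =>
    (parseCsp(policy).get('require-trusted-types-for') || []).includes("'script'"));
}

// 1-based line numbers that assign to or call an HTML/script string sink.
const SINKS = /\.(innerHTML|outerHTML)\s*\+?=(?!=)|\.insertAdjacentHTML\s*\(|\bdocument\.write(ln)?\s*\(|\beval\s*\(/;
function findSinkUses(source) {
  return source.split('\n').flatMap((text, i) => (SINKS.test(text) ? [i + 1] : []));
}

console.log('enforced:', enforcesTrustedTypes(SAMPLE_HTML));
console.log('sink lines:', findSinkUses(SAMPLE_RENDER_JS));
```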
