ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5736/javascript/rule.adoc

40 lines
1.1 KiB
Plaintext
Raw Normal View History

Add rules 5000-5999
2020-06-30 12:50:28 +02:00
include::../description.adoc[]
include::../ask-yourself.adoc[]
include::../recommended.adoc[]
== Sensitive Code Example
In Express.js application the code is sensitive if the https://www.npmjs.com/package/helmet[helmet] <code>referrerPolicy</code> middleware is not used or used with unsafe values:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 5000-5999
2020-06-30 12:50:28 +02:00
----
const express = require('express');
const helmet = require('helmet');
let app = express(); // Sensitive helmet.referrerPolicy not used
app.get('/', function (req, res) {
res.send('Hello World!<script src="https://example.com/test"></script><script src="http://example.com/test"></script>')
});
----
== Compliant Solution
In Express.js application a standard way to implement referrer-policy is with the https://www.npmjs.com/package/helmet[helmet] middleware:
Fix code block ambiguity with old header style Ensure blank line before list and clean the one leading space
2020-06-30 14:49:38 +02:00
Add rules 5000-5999
2020-06-30 12:50:28 +02:00
----
const express = require('express');
const helmet = require('helmet');
let app = express();
app.use(helmet.referrerPolicy({policy: 'no-referrer'})); // Compliant
app.get('/', function (req, res) {
res.send('Hello World!<script src="https://example.com/test"></script><script src="http://example.com/test"></script>')
});
----
include::../see.adoc[]
Reference in New Issue Copy Permalink