51369b610e
When an include is not surrounded by empty lines, its content is inlined on the same line as the adjacent content. That can lead to broken tags and other display issues. This PR fixes all such includes and introduces a validation step that forbids introducing the same problem again.
49 lines
940 B
Plaintext
49 lines
940 B
Plaintext
include::../description.adoc[]
|
|
|
|
include::../ask-yourself.adoc[]
|
|
|
|
include::../recommended.adoc[]
|
|
|
|
== Sensitive Code Example
|
|
|
|
In Express.js application the code is sensitive if, when using https://www.npmjs.com/package/helmet[helmet], the ``++noSniff++`` middleware is disabled:
|
|
|
|
----
|
|
const express = require('express');
|
|
const helmet = require('helmet');
|
|
|
|
let app = express();
|
|
|
|
app.use(
|
|
helmet({
|
|
noSniff: false, // Sensitive
|
|
})
|
|
);
|
|
----
|
|
|
|
== Compliant Solution
|
|
|
|
When using ``++helmet++`` in an Express.js application, the ``++noSniff++`` middleware should be enabled (it is also done by default):
|
|
|
|
[source,javascript]
|
|
----
|
|
const express = require('express');
|
|
const helmet= require('helmet');
|
|
|
|
let app = express();
|
|
|
|
app.use(helmet.noSniff());
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
endif::env-github,rspecator-view[]
|