Vulnerability Guide
Understanding and fixing common web vulnerabilities detected by VitaPulse
Medium
No Trusted Types Policy
Your site does not use Trusted Types, a browser API that stops untrusted strings from reaching the DOM sinks through which DOM-based cross-site scripting is injected.
Risk
DOM-based XSS occurs when JavaScript takes attacker-controlled input (the URL fragment, postMessage data, values read from storage or from an API response) and passes it to a dangerous DOM sink such as innerHTML, insertAdjacentHTML, document.write, eval or script.src. Without Trusted Types, every such assignment has to be found and reviewed by hand, and a single missed sink is enough for an injection. When require-trusted-types-for 'script' is enforced, the browser rejects plain strings at these sinks and accepts only TrustedHTML, TrustedScript and TrustedScriptURL objects produced by a registered policy, so the sanitisation logic is concentrated in a few auditable policy functions instead of being spread across the code base. Enforcement depends on browser support: browsers that do not implement Trusted Types ignore the directive, so it complements, rather than replaces, output encoding and a strict script-src policy.
Solution
Enable Trusted Types with the require-trusted-types-for 'script' CSP directive, and optionally restrict which policy names may be registered with the trusted-types directive. Register a Trusted Types policy whose createHTML, createScript and createScriptURL functions sanitise or reject their input. Refactor the code that writes to dangerous sinks so it assigns the policy's output rather than raw strings. Roll the header out as Content-Security-Policy-Report-Only first: once enforced, assigning a string to a guarded sink throws a TypeError, so any sink you missed breaks that feature instead of silently staying vulnerable.
Example
Content-Security-Policy: require-trusted-types-for 'script'
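The three steps of the solution carried through in browser JavaScript, as an added example that is not VitaPulse's code. The policy name app-policy, the origin https://app.example used to resolve script URLs when no window.location exists, and the rule that dynamically loaded scripts must live under /static/ are assumptions for illustration. The createHTML rule escapes its input so user text is rendered as text; an application that must render real markup would call a sanitiser such as DOMPurify there instead.

```javascript
// Added example (not VitaPulse code): registering a Trusted Types policy and
// routing DOM sink assignments through it.
//
// Matching CSP for enforcement (policy name is an assumption):
//   Content-Security-Policy: require-trusted-types-for 'script'; trusted-types app-policy
// Ship the same directives in Content-Security-Policy-Report-Only first so
// violations are reported rather than thrown while sinks are being refactored.

const POLICY_NAME = 'app-policy'; // assumption: must match the trusted-types directive

// Assumed origin for resolving relative script URLs outside a browser (e.g. in tests).
const ORIGIN = (globalThis.location && globalThis.location.origin) || 'https://app.example';

// createHTML rule: HTML-escape so user input is rendered as text, never parsed as markup.
function escapeHtml(str) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(str).replace(/[&<>"']/g, (c) => map[c]);
}

// createScriptURL rule: only same-origin scripts under /static/ may be loaded dynamically.
// URL parsing normalises "..", scheme tricks and protocol-relative URLs before the check.
function checkScriptUrl(url) {
  const resolved = new URL(String(url), ORIGIN);
  if (resolved.origin !== ORIGIN || !resolved.pathname.startsWith('/static/')) {
    throw new TypeError(`Blocked script URL: ${url}`);
  }
  return resolved.href;
}

const rules = {
  createHTML: escapeHtml,
  createScriptURL: checkScriptUrl,
  // This app has no legitimate use of eval / new Function: reject every request.
  createScript: () => { throw new TypeError('Inline script creation is not allowed'); },
};

let policy = null;

// Registers the policy once. createPolicy throws on a duplicate name, hence the memo.
// Browsers without Trusted Types ignore the CSP directive; there the same rule
// functions are used directly and return plain strings, so sanitisation still happens.
function getPolicy() {
  if (policy) return policy;
  const tt = globalThis.trustedTypes;
  policy = tt ? tt.createPolicy(POLICY_NAME, rules) : rules;
  return policy;
}

// Sink usage after refactoring: only policy output reaches innerHTML and script.src.
function renderComment(container, untrustedText) {
  container.innerHTML = getPolicy().createHTML(untrustedText);
}

function loadScript(doc, url) {
  const s = doc.createElement('script');
  s.src = getPolicy().createScriptURL(url);
  doc.head.appendChild(s);
}
```

With enforcement on, a stray container.innerHTML = untrustedText elsewhere in the code base throws a TypeError in supporting browsers, which is exactly how the remaining unguarded sinks are found during a report-only rollout.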