From bde81a7e2c7b19bbc027b7e4a7c1734f25f3ea3b Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Fri, 20 Jul 2018 07:37:33 +0800
Subject: [PATCH 1/7] =?UTF-8?q?=E5=AE=8C=E6=88=90helmet=E7=AC=AC=E4=B8=80?=
 =?UTF-8?q?=E5=B0=8F=E8=8A=82=E7=BF=BB=E8=AF=91?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 06-information-security-and-quality-assurance/helmetjs.json | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/06-information-security-and-quality-assurance/helmetjs.json b/06-information-security-and-quality-assurance/helmetjs.json
index bfc897b..b32d4c5 100644
--- a/06-information-security-and-quality-assurance/helmetjs.json
+++ b/06-information-security-and-quality-assurance/helmetjs.json
@@ -26,12 +26,12 @@
       "id": "587d8247367417b2b2512c37",
       "title": "Hide Potentially Dangerous Information Using helmet.hidePoweredBy()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
-        "Hackers can exploit known vulnerabilities in Express/Node if they see that your site is powered by Express. X-Powered-By: Express is sent in every request coming from Express by default. The helmet.hidePoweredBy() middleware will remove the X-Powered-By header. You can also explicitly set the header to something else, to throw people off. e.g. app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))"
+        "温馨提醒，这个项目是建立在下面这个模版之上的 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch模版地址</a>, 你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
+        "黑客们可能会利用 Express/Node 的安全问题对你的网站做破坏如果他们知道你的网站是用 Express 搭建的. X-Powered-By: Express 默认情况下会被添加到所有响应的头部。不过 helmet.hidePoweredBy() 中间件可以帮你移除 X-Powered-By 头. 你甚至可以把头设置成其它的值。 如 app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))"
       ],
       "tests": [
         {
-          "text": "helmet.hidePoweredBy() middleware should be mounted correctly",
+          "text": "helmet.hidePoweredBy() 中间件应该被正确加载",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'hidePoweredBy'); assert.notEqual(data.headers['x-powered-by'], 'Express')}, xhr => { throw new Error(xhr.responseText); })"
         }
       ],

From debea0af6c3509d19a7afd6377902d2b520f9c81 Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Sun, 22 Jul 2018 13:21:10 +0800
Subject: [PATCH 2/7] Finish 10%

---
 .idea/challenges.iml                          |  12 ++
 .idea/misc.xml                                |   6 +
 .idea/modules.xml                             |   8 +
 .idea/vcs.xml                                 |   6 +
 .idea/workspace.xml                           | 161 ++++++++++++++++++
 .../helmetjs.json                             |  36 ++--
 6 files changed, 211 insertions(+), 18 deletions(-)
 create mode 100644 .idea/challenges.iml
 create mode 100644 .idea/misc.xml
 create mode 100644 .idea/modules.xml
 create mode 100644 .idea/vcs.xml
 create mode 100644 .idea/workspace.xml

diff --git a/.idea/challenges.iml b/.idea/challenges.iml
new file mode 100644
index 0000000..24643cc
--- /dev/null
+++ b/.idea/challenges.iml
@@ -0,0 +1,12 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module type="WEB_MODULE" version="4">
+  <component name="NewModuleRootManager">
+    <content url="file://$MODULE_DIR$">
+      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
+      <excludeFolder url="file://$MODULE_DIR$/temp" />
+      <excludeFolder url="file://$MODULE_DIR$/tmp" />
+    </content>
+    <orderEntry type="inheritedJdk" />
+    <orderEntry type="sourceFolder" forTests="false" />
+  </component>
+</module>
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
new file mode 100644
index 0000000..28a804d
--- /dev/null
+++ b/.idea/misc.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="JavaScriptSettings">
+    <option name="languageLevel" value="ES6" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
new file mode 100644
index 0000000..9fb8e8b
--- /dev/null
+++ b/.idea/modules.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ProjectModuleManager">
+    <modules>
+      <module fileurl="file://$PROJECT_DIR$/.idea/challenges.iml" filepath="$PROJECT_DIR$/.idea/challenges.iml" />
+    </modules>
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
new file mode 100644
index 0000000..94a25f7
--- /dev/null
+++ b/.idea/vcs.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="VcsDirectoryMappings">
+    <mapping directory="$PROJECT_DIR$" vcs="Git" />
+  </component>
+</project>
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
new file mode 100644
index 0000000..a3a63cc
--- /dev/null
+++ b/.idea/workspace.xml
@@ -0,0 +1,161 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project version="4">
+  <component name="ChangeListManager">
+    <list default="true" id="aabb8dac-b567-42be-85b0-fe36d98a5a22" name="Default" comment="">
+      <change beforePath="$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json" beforeDir="false" afterPath="$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json" afterDir="false" />
+    </list>
+    <ignored path="$PROJECT_DIR$/.tmp/" />
+    <ignored path="$PROJECT_DIR$/temp/" />
+    <ignored path="$PROJECT_DIR$/tmp/" />
+    <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
+    <option name="TRACKING_ENABLED" value="true" />
+    <option name="SHOW_DIALOG" value="false" />
+    <option name="HIGHLIGHT_CONFLICTS" value="true" />
+    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
+    <option name="LAST_RESOLUTION" value="IGNORE" />
+  </component>
+  <component name="FileEditorManager">
+    <leaf>
+      <file leaf-file-name="helmetjs.json" pinned="false" current-in-tab="true">
+        <entry file="file://$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json">
+          <provider selected="true" editor-type-id="text-editor">
+            <state relative-caret-position="153">
+              <caret line="9" column="22" lean-forward="true" selection-start-line="9" selection-start-column="22" selection-end-line="9" selection-end-column="22" />
+              <folding>
+                <element signature="e#21368#24165#0" />
+                <element signature="e#24171#26615#0" />
+              </folding>
+            </state>
+          </provider>
+        </entry>
+      </file>
+    </leaf>
+  </component>
+  <component name="Git.Settings">
+    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
+  </component>
+  <component name="IdeDocumentHistory">
+    <option name="CHANGED_PATHS">
+      <list>
+        <option value="$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json" />
+      </list>
+    </option>
+  </component>
+  <component name="JsBuildToolGruntFileManager" detection-done="true" sorting="DEFINITION_ORDER" />
+  <component name="JsBuildToolPackageJson" detection-done="true" sorting="DEFINITION_ORDER" />
+  <component name="JsGulpfileManager">
+    <detection-done>true</detection-done>
+    <sorting>DEFINITION_ORDER</sorting>
+  </component>
+  <component name="NodePackageJsonFileManager">
+    <packageJsonPaths />
+  </component>
+  <component name="ProjectFrameBounds" extendedState="6">
+    <option name="x" value="47" />
+    <option name="y" value="23" />
+    <option name="width" value="1440" />
+    <option name="height" value="805" />
+  </component>
+  <component name="ProjectLevelVcsManager" settingsEditedManually="true" />
+  <component name="ProjectView">
+    <navigator proportions="" version="1">
+      <foldersAlwaysOnTop value="true" />
+    </navigator>
+    <panes>
+      <pane id="ProjectPane">
+        <subPane>
+          <expand>
+            <path>
+              <item name="challenges" type="b2602c69:ProjectViewProjectNode" />
+              <item name="challenges" type="462c0819:PsiDirectoryNode" />
+            </path>
+            <path>
+              <item name="challenges" type="b2602c69:ProjectViewProjectNode" />
+              <item name="challenges" type="462c0819:PsiDirectoryNode" />
+              <item name="06-information-security-and-quality-assurance" type="462c0819:PsiDirectoryNode" />
+            </path>
+          </expand>
+          <select />
+        </subPane>
+      </pane>
+      <pane id="Scope" />
+    </panes>
+  </component>
+  <component name="PropertiesComponent">
+    <property name="WebServerToolWindowFactoryState" value="false" />
+    <property name="last_opened_file_path" value="$PROJECT_DIR$" />
+    <property name="nodejs_interpreter_path.stuck_in_default_project" value="undefined stuck path" />
+    <property name="nodejs_npm_path_reset_for_default_project" value="true" />
+  </component>
+  <component name="RunDashboard">
+    <option name="ruleStates">
+      <list>
+        <RuleState>
+          <option name="name" value="ConfigurationTypeDashboardGroupingRule" />
+        </RuleState>
+        <RuleState>
+          <option name="name" value="StatusDashboardGroupingRule" />
+        </RuleState>
+      </list>
+    </option>
+  </component>
+  <component name="SvnConfiguration">
+    <configuration />
+  </component>
+  <component name="TaskManager">
+    <task active="true" id="Default" summary="Default task">
+      <changelist id="aabb8dac-b567-42be-85b0-fe36d98a5a22" name="Default" comment="" />
+      <created>1532235100665</created>
+      <option name="number" value="Default" />
+      <option name="presentableId" value="Default" />
+      <updated>1532235100665</updated>
+      <workItem from="1532235103666" duration="1737000" />
+    </task>
+    <servers />
+  </component>
+  <component name="TimeTrackingManager">
+    <option name="totallyTimeSpent" value="1737000" />
+  </component>
+  <component name="ToolWindowManager">
+    <frame x="0" y="23" width="1440" height="805" extended-state="6" />
+    <editor active="true" />
+    <layout>
+      <window_info content_ui="combo" id="Project" order="0" weight="0.24947146" />
+      <window_info anchor="bottom" id="TODO" order="6" />
+      <window_info anchor="bottom" id="Docker" show_stripe_button="false" />
+      <window_info anchor="bottom" id="Event Log" side_tool="true" />
+      <window_info anchor="bottom" id="Run" order="2" />
+      <window_info anchor="bottom" id="Version Control" />
+      <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
+      <window_info anchor="bottom" id="Terminal" />
+      <window_info anchor="bottom" id="Debug" order="3" weight="0.4" />
+      <window_info id="Favorites" side_tool="true" />
+      <window_info anchor="bottom" id="Find" order="1" />
+      <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
+      <window_info anchor="bottom" id="Inspection" order="5" weight="0.4" />
+      <window_info anchor="right" content_ui="combo" id="Hierarchy" order="2" weight="0.25" />
+      <window_info anchor="right" id="Ant Build" order="1" weight="0.25" />
+      <window_info anchor="bottom" id="Message" order="0" />
+      <window_info anchor="bottom" id="Cvs" order="4" weight="0.25" />
+    </layout>
+  </component>
+  <component name="TypeScriptGeneratedFilesManager">
+    <option name="version" value="1" />
+  </component>
+  <component name="VcsContentAnnotationSettings">
+    <option name="myLimit" value="2678400000" />
+  </component>
+  <component name="editorHistoryManager">
+    <entry file="file://$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json">
+      <provider selected="true" editor-type-id="text-editor">
+        <state relative-caret-position="153">
+          <caret line="9" column="22" lean-forward="true" selection-start-line="9" selection-start-column="22" selection-end-line="9" selection-end-column="22" />
+          <folding>
+            <element signature="e#21368#24165#0" />
+            <element signature="e#24171#26615#0" />
+          </folding>
+        </state>
+      </provider>
+    </entry>
+  </component>
+</project>
\ No newline at end of file
diff --git a/06-information-security-and-quality-assurance/helmetjs.json b/06-information-security-and-quality-assurance/helmetjs.json
index b32d4c5..2868edd 100644
--- a/06-information-security-and-quality-assurance/helmetjs.json
+++ b/06-information-security-and-quality-assurance/helmetjs.json
@@ -8,12 +8,12 @@
       "id": "587d8247367417b2b2512c36",
       "title": "Install and Require Helmet",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
-        "Helmet helps you secure your Express apps by setting various HTTP headers. Install the package, then require it."
+        "注意，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
+        "Helmet 通过配置不同的 HTTP 头部信息来使你的 Express 应用更加安全。安装，并引入 Helmet 这个包。"
       ],
       "tests": [
         {
-          "text": "\"helmet\" dependency should be in package.json",
+          "text": "package.json 文件应该有 \"helmet\" 这个依赖包",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/package.json').then(data => { var packJson = JSON.parse(data); assert.property(packJson.dependencies, 'helmet'); }, xhr => { throw new Error(xhr.responseText); })"
         }
       ],
@@ -26,8 +26,8 @@
       "id": "587d8247367417b2b2512c37",
       "title": "Hide Potentially Dangerous Information Using helmet.hidePoweredBy()",
       "description": [
-        "温馨提醒，这个项目是建立在下面这个模版之上的 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch模版地址</a>, 你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "黑客们可能会利用 Express/Node 的安全问题对你的网站做破坏如果他们知道你的网站是用 Express 搭建的. X-Powered-By: Express 默认情况下会被添加到所有响应的头部。不过 helmet.hidePoweredBy() 中间件可以帮你移除 X-Powered-By 头. 你甚至可以把头设置成其它的值。 如 app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))"
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
+        "如果黑客发现你的网站是用 Express 搭建的，那么他们就可以利用 Express 或 Node 现存的漏洞来攻击你的网站。<code>X-Powered-By: Express</code> 默认情况下会被添加到所有响应的头部。不过 helmet.hidePoweredBy() 中间件可以帮你移除 X-Powered-By 头. 你甚至可以把头设置成其它的值。 如 <code>app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))</code>"
       ],
       "tests": [
         {
@@ -44,17 +44,17 @@
       "id": "587d8247367417b2b2512c38",
       "title": "Mitigate the Risk of Clickjacking with helmet.frameguard()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
-        "Your page could be put in a <frame> or <iframe> without your consent. This can result in clickjacking attacks, among other things. Clickjacking is a technique of tricking a user into interacting with a page different from what the user thinks it is. This can be obtained executing your page in a malicious context, by mean of iframing. In that context a hacker can put a hidden layer over your page. Hidden buttons can be used to run bad scripts. This middleware sets the X-Frame-Options header. It restricts who can put your site in a frame. It has three modes: DENY, SAMEORIGIN, and ALLOW-FROM.",
-        "We don’t need our app to be framed. You should use helmet.frameguard() passing with the configuration object {action: 'deny'}."
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
+        "你的页面有可能会在未经你允许的情况下被放在 <frame> 或者 <iframe> 标签里面。其中一个风险就会导致 clickjacking 攻击。Clickjacking 这个小技巧可以在用户与网站 A 进行交互的时候，欺骗用户让用户以为他是在与网站 B 进行交互。通过 iframing 就可以恶意地执行你的页面。这种情况下，黑客可以在你的页面上再加一层隐藏的层。隐藏的按钮可以用来执行恶意的脚本。helmet 这个中间件可以设置 X-Frame-Options 这个头部。这样就能限制谁可以通过 iframe 引入你的页面了。 有三个模式可供配置: DENY, SAMEORIGIN, 和 ALLOW-FROM.",
+        "我们不需要我们的应用被 iframe 引用。只需要 helmet.frameguard() 这个函数，然后传入配置对象  {action: 'deny'} 就可以了。"
       ],
       "tests": [
         {
-          "text": "helmet.frameguard() middleware should be mounted correctly",
+          "text": "helmet.frameguard() 中间件应该被正确加载",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'frameguard', 'helmet.frameguard() middleware is not mounted correctly'); }, xhr => { throw new Error(xhr.responseText); })"
         },
         {
-          "text": "helmet.frameguard() 'action' should be set to 'DENY'",
+          "text": "helmet.frameguard() 'action' 应该被设置成 'DENY'",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.property(data.headers, 'x-frame-options'); assert.equal(data.headers['x-frame-options'], 'DENY');}, xhr => { throw new Error(xhr.responseText); })"
         }
       ],
@@ -67,7 +67,7 @@
       "id": "587d8247367417b2b2512c39",
       "title": "Mitigate the Risk of Cross Site Scripting (XSS) Attacks with helmet.xssFilter()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "Cross-site scripting (XSS) is a frequent type of attack where malicious scripts are injected into vulnerable pages, with the purpose of stealing sensitive data like session cookies, or passwords.",
         "The basic rule to lower the risk of an XSS attack is simple: “Never trust user’s input”. As a developer you should always sanitize all the input coming from the outside. This includes data coming from forms, GET query urls, and even from POST bodies. Sanitizing means that you should find and encode the characters that may be dangerous e.g. <, >.",
         "Modern browsers can help mitigating the risk by adopting better software strategies. Often these are configurable via http headers.",
@@ -89,7 +89,7 @@
       "id": "587d8248367417b2b2512c3a",
       "title": "Avoid Inferring the Response MIME Type with helmet.noSniff()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "Browsers can use content or MIME sniffing to adapt to different datatypes coming from a response. They override the Content-Type headers to guess and process the data. While this can be convenient in some scenarios, it can also lead to some dangerous attacks. This middleware sets the X-Content-Type-Options header to nosniff. This instructs the browser to not bypass the provided Content-Type."
       ],
       "tests": [
@@ -107,7 +107,7 @@
       "id": "587d8248367417b2b2512c3b",
       "title": "Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "Some web applications will serve untrusted HTML for download. Some versions of Internet Explorer by default open those HTML files in the context of your site. This means that an untrusted HTML page could start doing bad things in the context of your pages. This middleware sets the X-Download-Options header to noopen. This will prevent IE users from executing downloads in the trusted site’s context."
       ],
       "tests": [
@@ -125,7 +125,7 @@
       "id": "587d8248367417b2b2512c3c",
       "title": "Ask Browsers to Access Your Site via HTTPS Only with helmet.hsts()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "HTTP Strict Transport Security (HSTS) is a web security policy which helps to protect websites against protocol downgrade attacks and cookie hijacking. If your website can be accessed via HTTPS you can ask user’s browsers to avoid using insecure HTTP. By setting the header Strict-Transport-Security, you tell the browsers to use HTTPS for the future requests in a specified amount of time. This will work for the requests coming after the initial request.",
         "Configure helmet.hsts() to use HTTPS for the next 90 days. Pass the config object {maxAge: timeInMilliseconds, force: true}. Glitch already has hsts enabled. To override its settings you need to set the field \"force\" to true in the config object. We will intercept and restore the Glitch header, after inspecting it for testing.",
         "Note: Configuring HTTPS on a custom website requires the acquisition of a domain, and a SSL/TSL Certificate."
@@ -149,7 +149,7 @@
       "id": "587d8248367417b2b2512c3d",
       "title": "Disable DNS Prefetching with helmet.dnsPrefetchControl()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "To improve performance, most browsers prefetch DNS records for the links in a page. In that way the destination ip is already known when the user clicks on a link. This may lead to over-use of the DNS service (if you own a big website, visited by millions people…), privacy issues (one eavesdropper could infer that you are on a certain page), or page statistics alteration (some links may appear visited even if they are not). If you have high security needs you can disable DNS prefetching, at the cost of a performance penalty."
       ],
       "tests": [
@@ -167,7 +167,7 @@
       "id": "587d8249367417b2b2512c3e",
       "title": "Disable Client-Side Caching with helmet.noCache()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "If you are releasing an update for your website, and you want the users to always download the newer version, you can (try to) disable caching on client’s browser. It can be useful in development too. Caching has performance benefits, which you will lose, so only use this option when there is a real need."
       ],
       "tests": [
@@ -185,7 +185,7 @@
       "id": "587d8249367417b2b2512c3f",
       "title": "Set a Content Security Policy with helmet.contentSecurityPolicy()",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "This challenge highlights one promising new defense that can significantly reduce the risk and impact of many type of attacks in modern browsers. By setting and configuring a Content Security Policy you can prevent the injection of anything unintended into your page. This will protect your app from XSS vulnerabilities, undesired tracking, malicious frames, and much more. CSP works by defining a whitelist of content sources which are trusted. You can configure them for each kind of resource a web page may need (scripts, stylesheets, fonts, frames, media, and so on…). There are multiple directives available, so a website owner can have a granular control. See HTML 5 Rocks, KeyCDN for more details. Unfortunately CSP is unsupported by older browser.",
         "By default, directives are wide open, so it’s important to set the defaultSrc directive as a fallback. Helmet supports both defaultSrc and default-src naming styles. The fallback applies for most of the unspecified directives. In this exercise, use helmet.contentSecurityPolicy(), and configure it setting the defaultSrc directive to [\"self\"] (the list of allowed sources must be in an array), in order to trust only your website address by default. Set also the scriptSrc directive so that you will allow scripts to be downloaded from your website, and from the domain 'trusted-cdn.com'.",
         "Hint: in the \"'self'\" keyword, the single quotes are part of the keyword itself, so it needs to be enclosed in double quotes to be working."
@@ -209,7 +209,7 @@
       "id": "587d8249367417b2b2512c40",
       "title": "Configure Helmet Using the ‘parent’ helmet() Middleware",
       "description": [
-        "As a reminder, this project is being built upon the following starter project on <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>Glitch</a>, or cloned from <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a>.",
+        "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
         "app.use(helmet()) will automatically include all the middleware introduced above, except noCache(), and contentSecurityPolicy(), but these can be enabled if necessary. You can also disable or configure any other middleware individually, using a configuration object.",
         "// Example",
         "<code>app.use(helmet({</code>",

From 9526fc7c24fcba500aa53f61cca2d34e35858ca8 Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Sun, 22 Jul 2018 13:23:26 +0800
Subject: [PATCH 3/7] Remove IDE generated files

---
 .idea/challenges.iml |  12 ----
 .idea/misc.xml       |   6 --
 .idea/modules.xml    |   8 ---
 .idea/vcs.xml        |   6 --
 .idea/workspace.xml  | 161 -------------------------------------------
 5 files changed, 193 deletions(-)
 delete mode 100644 .idea/challenges.iml
 delete mode 100644 .idea/misc.xml
 delete mode 100644 .idea/modules.xml
 delete mode 100644 .idea/vcs.xml
 delete mode 100644 .idea/workspace.xml

diff --git a/.idea/challenges.iml b/.idea/challenges.iml
deleted file mode 100644
index 24643cc..0000000
--- a/.idea/challenges.iml
+++ /dev/null
@@ -1,12 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<module type="WEB_MODULE" version="4">
-  <component name="NewModuleRootManager">
-    <content url="file://$MODULE_DIR$">
-      <excludeFolder url="file://$MODULE_DIR$/.tmp" />
-      <excludeFolder url="file://$MODULE_DIR$/temp" />
-      <excludeFolder url="file://$MODULE_DIR$/tmp" />
-    </content>
-    <orderEntry type="inheritedJdk" />
-    <orderEntry type="sourceFolder" forTests="false" />
-  </component>
-</module>
\ No newline at end of file
diff --git a/.idea/misc.xml b/.idea/misc.xml
deleted file mode 100644
index 28a804d..0000000
--- a/.idea/misc.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="JavaScriptSettings">
-    <option name="languageLevel" value="ES6" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/.idea/modules.xml b/.idea/modules.xml
deleted file mode 100644
index 9fb8e8b..0000000
--- a/.idea/modules.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ProjectModuleManager">
-    <modules>
-      <module fileurl="file://$PROJECT_DIR$/.idea/challenges.iml" filepath="$PROJECT_DIR$/.idea/challenges.iml" />
-    </modules>
-  </component>
-</project>
\ No newline at end of file
diff --git a/.idea/vcs.xml b/.idea/vcs.xml
deleted file mode 100644
index 94a25f7..0000000
--- a/.idea/vcs.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="VcsDirectoryMappings">
-    <mapping directory="$PROJECT_DIR$" vcs="Git" />
-  </component>
-</project>
\ No newline at end of file
diff --git a/.idea/workspace.xml b/.idea/workspace.xml
deleted file mode 100644
index a3a63cc..0000000
--- a/.idea/workspace.xml
+++ /dev/null
@@ -1,161 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project version="4">
-  <component name="ChangeListManager">
-    <list default="true" id="aabb8dac-b567-42be-85b0-fe36d98a5a22" name="Default" comment="">
-      <change beforePath="$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json" beforeDir="false" afterPath="$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json" afterDir="false" />
-    </list>
-    <ignored path="$PROJECT_DIR$/.tmp/" />
-    <ignored path="$PROJECT_DIR$/temp/" />
-    <ignored path="$PROJECT_DIR$/tmp/" />
-    <option name="EXCLUDED_CONVERTED_TO_IGNORED" value="true" />
-    <option name="TRACKING_ENABLED" value="true" />
-    <option name="SHOW_DIALOG" value="false" />
-    <option name="HIGHLIGHT_CONFLICTS" value="true" />
-    <option name="HIGHLIGHT_NON_ACTIVE_CHANGELIST" value="false" />
-    <option name="LAST_RESOLUTION" value="IGNORE" />
-  </component>
-  <component name="FileEditorManager">
-    <leaf>
-      <file leaf-file-name="helmetjs.json" pinned="false" current-in-tab="true">
-        <entry file="file://$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json">
-          <provider selected="true" editor-type-id="text-editor">
-            <state relative-caret-position="153">
-              <caret line="9" column="22" lean-forward="true" selection-start-line="9" selection-start-column="22" selection-end-line="9" selection-end-column="22" />
-              <folding>
-                <element signature="e#21368#24165#0" />
-                <element signature="e#24171#26615#0" />
-              </folding>
-            </state>
-          </provider>
-        </entry>
-      </file>
-    </leaf>
-  </component>
-  <component name="Git.Settings">
-    <option name="RECENT_GIT_ROOT_PATH" value="$PROJECT_DIR$" />
-  </component>
-  <component name="IdeDocumentHistory">
-    <option name="CHANGED_PATHS">
-      <list>
-        <option value="$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json" />
-      </list>
-    </option>
-  </component>
-  <component name="JsBuildToolGruntFileManager" detection-done="true" sorting="DEFINITION_ORDER" />
-  <component name="JsBuildToolPackageJson" detection-done="true" sorting="DEFINITION_ORDER" />
-  <component name="JsGulpfileManager">
-    <detection-done>true</detection-done>
-    <sorting>DEFINITION_ORDER</sorting>
-  </component>
-  <component name="NodePackageJsonFileManager">
-    <packageJsonPaths />
-  </component>
-  <component name="ProjectFrameBounds" extendedState="6">
-    <option name="x" value="47" />
-    <option name="y" value="23" />
-    <option name="width" value="1440" />
-    <option name="height" value="805" />
-  </component>
-  <component name="ProjectLevelVcsManager" settingsEditedManually="true" />
-  <component name="ProjectView">
-    <navigator proportions="" version="1">
-      <foldersAlwaysOnTop value="true" />
-    </navigator>
-    <panes>
-      <pane id="ProjectPane">
-        <subPane>
-          <expand>
-            <path>
-              <item name="challenges" type="b2602c69:ProjectViewProjectNode" />
-              <item name="challenges" type="462c0819:PsiDirectoryNode" />
-            </path>
-            <path>
-              <item name="challenges" type="b2602c69:ProjectViewProjectNode" />
-              <item name="challenges" type="462c0819:PsiDirectoryNode" />
-              <item name="06-information-security-and-quality-assurance" type="462c0819:PsiDirectoryNode" />
-            </path>
-          </expand>
-          <select />
-        </subPane>
-      </pane>
-      <pane id="Scope" />
-    </panes>
-  </component>
-  <component name="PropertiesComponent">
-    <property name="WebServerToolWindowFactoryState" value="false" />
-    <property name="last_opened_file_path" value="$PROJECT_DIR$" />
-    <property name="nodejs_interpreter_path.stuck_in_default_project" value="undefined stuck path" />
-    <property name="nodejs_npm_path_reset_for_default_project" value="true" />
-  </component>
-  <component name="RunDashboard">
-    <option name="ruleStates">
-      <list>
-        <RuleState>
-          <option name="name" value="ConfigurationTypeDashboardGroupingRule" />
-        </RuleState>
-        <RuleState>
-          <option name="name" value="StatusDashboardGroupingRule" />
-        </RuleState>
-      </list>
-    </option>
-  </component>
-  <component name="SvnConfiguration">
-    <configuration />
-  </component>
-  <component name="TaskManager">
-    <task active="true" id="Default" summary="Default task">
-      <changelist id="aabb8dac-b567-42be-85b0-fe36d98a5a22" name="Default" comment="" />
-      <created>1532235100665</created>
-      <option name="number" value="Default" />
-      <option name="presentableId" value="Default" />
-      <updated>1532235100665</updated>
-      <workItem from="1532235103666" duration="1737000" />
-    </task>
-    <servers />
-  </component>
-  <component name="TimeTrackingManager">
-    <option name="totallyTimeSpent" value="1737000" />
-  </component>
-  <component name="ToolWindowManager">
-    <frame x="0" y="23" width="1440" height="805" extended-state="6" />
-    <editor active="true" />
-    <layout>
-      <window_info content_ui="combo" id="Project" order="0" weight="0.24947146" />
-      <window_info anchor="bottom" id="TODO" order="6" />
-      <window_info anchor="bottom" id="Docker" show_stripe_button="false" />
-      <window_info anchor="bottom" id="Event Log" side_tool="true" />
-      <window_info anchor="bottom" id="Run" order="2" />
-      <window_info anchor="bottom" id="Version Control" />
-      <window_info id="Structure" order="1" side_tool="true" weight="0.25" />
-      <window_info anchor="bottom" id="Terminal" />
-      <window_info anchor="bottom" id="Debug" order="3" weight="0.4" />
-      <window_info id="Favorites" side_tool="true" />
-      <window_info anchor="bottom" id="Find" order="1" />
-      <window_info anchor="right" id="Commander" internal_type="SLIDING" order="0" type="SLIDING" weight="0.4" />
-      <window_info anchor="bottom" id="Inspection" order="5" weight="0.4" />
-      <window_info anchor="right" content_ui="combo" id="Hierarchy" order="2" weight="0.25" />
-      <window_info anchor="right" id="Ant Build" order="1" weight="0.25" />
-      <window_info anchor="bottom" id="Message" order="0" />
-      <window_info anchor="bottom" id="Cvs" order="4" weight="0.25" />
-    </layout>
-  </component>
-  <component name="TypeScriptGeneratedFilesManager">
-    <option name="version" value="1" />
-  </component>
-  <component name="VcsContentAnnotationSettings">
-    <option name="myLimit" value="2678400000" />
-  </component>
-  <component name="editorHistoryManager">
-    <entry file="file://$PROJECT_DIR$/06-information-security-and-quality-assurance/helmetjs.json">
-      <provider selected="true" editor-type-id="text-editor">
-        <state relative-caret-position="153">
-          <caret line="9" column="22" lean-forward="true" selection-start-line="9" selection-start-column="22" selection-end-line="9" selection-end-column="22" />
-          <folding>
-            <element signature="e#21368#24165#0" />
-            <element signature="e#24171#26615#0" />
-          </folding>
-        </state>
-      </provider>
-    </entry>
-  </component>
-</project>
\ No newline at end of file

From ea30c251a68cc40838bbe8956d6f6396f5546cb3 Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Wed, 25 Jul 2018 12:31:58 +0800
Subject: [PATCH 4/7] Update according to comments

---
 .../information-security-with-helmetjs.json               | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
index 2868edd..6eda557 100644
--- a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
+++ b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
@@ -27,7 +27,7 @@
       "title": "Hide Potentially Dangerous Information Using helmet.hidePoweredBy()",
       "description": [
         "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "如果黑客发现你的网站是用 Express 搭建的，那么他们就可以利用 Express 或 Node 现存的漏洞来攻击你的网站。<code>X-Powered-By: Express</code> 默认情况下会被添加到所有响应的头部。不过 helmet.hidePoweredBy() 中间件可以帮你移除 X-Powered-By 头. 你甚至可以把头设置成其它的值。 如 <code>app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))</code>"
+        "如果黑客发现你的网站是用 Express 搭建的，那么他们就可以利用 Express 或 Node 现存的漏洞来攻击你的网站。<code>X-Powered-By: Express</code> 默认情况下会被添加到所有响应的头部。不过 helmet.hidePoweredBy() 中间件可以帮你移除 X-Powered-By 头。你甚至可以把头设置成其它的值。 如 <code>app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }))</code>"
       ],
       "tests": [
         {
@@ -45,8 +45,8 @@
       "title": "Mitigate the Risk of Clickjacking with helmet.frameguard()",
       "description": [
         "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "你的页面有可能会在未经你允许的情况下被放在 <frame> 或者 <iframe> 标签里面。其中一个风险就会导致 clickjacking 攻击。Clickjacking 这个小技巧可以在用户与网站 A 进行交互的时候，欺骗用户让用户以为他是在与网站 B 进行交互。通过 iframing 就可以恶意地执行你的页面。这种情况下，黑客可以在你的页面上再加一层隐藏的层。隐藏的按钮可以用来执行恶意的脚本。helmet 这个中间件可以设置 X-Frame-Options 这个头部。这样就能限制谁可以通过 iframe 引入你的页面了。 有三个模式可供配置: DENY, SAMEORIGIN, 和 ALLOW-FROM.",
-        "我们不需要我们的应用被 iframe 引用。只需要 helmet.frameguard() 这个函数，然后传入配置对象  {action: 'deny'} 就可以了。"
+        "黑客可能会不经过你的允许，把你的页面嵌套在 <frame> 或者 <iframe> 标签里，用以实现“点击劫持”。点击劫持是一种视觉上的欺骗手段，让用户误以为自己在与所看到的网页交互。通过 iframe，黑客可以在你的页面上添加一个透明的“层”，然后把自己的恶意代码放在一个用户看不到的按钮中。这样一来，你网站的执行环境就被黑客设置成了他想要的效果。helmet 中间件可以设置 X-Frame-Options 这个头部。这样就能限制谁可以通过 iframe 引入你的页面了。 有三个模式可供配置: DENY, SAMEORIGIN, 和 ALLOW-FROM.",
+        "我们的应用不需要被 iframe 引用。你可以调用 <code>helmet.frameguard()</code> 这个方法，然后传入配置对象  <code>{action: 'deny'}</code> 就可以了。"
       ],
       "tests": [
         {
@@ -54,7 +54,7 @@
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'frameguard', 'helmet.frameguard() middleware is not mounted correctly'); }, xhr => { throw new Error(xhr.responseText); })"
         },
         {
-          "text": "helmet.frameguard() 'action' 应该被设置成 'DENY'",
+          "text": "<code>helmet.frameguard()</code> 中的 <code>action</code> 属性的值应该为 'DENY'",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.property(data.headers, 'x-frame-options'); assert.equal(data.headers['x-frame-options'], 'DENY');}, xhr => { throw new Error(xhr.responseText); })"
         }
       ],

From 32db54653aa54b47e92f1461ecb24a1829929c0b Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Tue, 31 Jul 2018 23:44:17 +0800
Subject: [PATCH 5/7] Finish tranlating 2 lessons everyday

---
 .../information-security-with-helmetjs.json      | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
index 6eda557..75f1bad 100644
--- a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
+++ b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
@@ -68,15 +68,15 @@
       "title": "Mitigate the Risk of Cross Site Scripting (XSS) Attacks with helmet.xssFilter()",
       "description": [
         "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "Cross-site scripting (XSS) is a frequent type of attack where malicious scripts are injected into vulnerable pages, with the purpose of stealing sensitive data like session cookies, or passwords.",
-        "The basic rule to lower the risk of an XSS attack is simple: “Never trust user’s input”. As a developer you should always sanitize all the input coming from the outside. This includes data coming from forms, GET query urls, and even from POST bodies. Sanitizing means that you should find and encode the characters that may be dangerous e.g. <, >.",
-        "Modern browsers can help mitigating the risk by adopting better software strategies. Often these are configurable via http headers.",
-        "The X-XSS-Protection HTTP header is a basic protection. The browser detects a potential injected script using a heuristic filter. If the header is enabled, the browser changes the script code, neutralizing it.",
-        "It still has limited support."
+        "跨站脚本 (XSS) 是一种常见的攻击手段，可以通过页面上的安全漏洞给页面注入恶意脚本, 从而达到获取用户密码等敏感信息。",
+        "防止跨站脚本的基本原则也非常简单：“永远不要相信用户的输入”。作为一个开发者，你应该对所有用户的输入进行审查。这包括来自表单，GET 请求 URL，以及 POST 请求主体内容的数据。审查就是指你应该查找并给有潜在风险的字符进行编码。 例如 ``<`` ``,`` ``>``",
+        "现代浏览器可以通过更好的软件策略来减低这种风险。通常我们可以通过配置 HTTP 头部来达到这个目的",
+        "``X-XSS-Protection`` 这个 HTTP 头部是最基本的防护措施。 浏览器通过启发式过滤器检测到可能有被注入的恶意脚本，这个时候，如果你的头部有``X-XSS-Protection`` 浏览器就会通过改变这个潜在的恶意注入脚本来抵消风险。",
+        "这个头部目前的支持还不是特别好。"
       ],
       "tests": [
         {
-          "text": "helmet.xssFilter() middleware should be mounted correctly",
+          "text": "helmet.xssFilter() 中间件应该被正确加载",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'xXssProtection'); assert.property(data.headers, 'x-xss-protection'); }, xhr => { throw new Error(xhr.responseText); })"
         }
       ],
@@ -90,11 +90,11 @@
       "title": "Avoid Inferring the Response MIME Type with helmet.noSniff()",
       "description": [
         "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "Browsers can use content or MIME sniffing to adapt to different datatypes coming from a response. They override the Content-Type headers to guess and process the data. While this can be convenient in some scenarios, it can also lead to some dangerous attacks. This middleware sets the X-Content-Type-Options header to nosniff. This instructs the browser to not bypass the provided Content-Type."
+        "浏览器可以通过探查 ``content`` 或者 ``MIME`` 头部来判断不同的响应内容。这两个的优先级比 ``Content-Type`` 还高，浏览器可以通过这两个头部来猜测并处理响应。这个在某些情况下非常实用，但也会造成一定的潜在风险。我们可以通过中间件来设置 ``X-Content-Type-Options`` 头部为 ``nosniff``。 这样，浏览器就不会绕过 ``Content-Type`` 这个头了。"
       ],
       "tests": [
         {
-          "text": "helmet.noSniff() middleware should be mounted correctly",
+          "text": "helmet.noSniff() 中间件应该被正确加载",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'nosniff'); assert.equal(data.headers['x-content-type-options'], 'nosniff'); }, xhr => { throw new Error(xhr.responseText); })"
         }
       ],

From 96ef6aedc26090f81cbb5f14913d8f9d5805f4ae Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Wed, 1 Aug 2018 21:41:13 +0800
Subject: [PATCH 6/7] Update one lesson

---
 .../information-security-with-helmetjs.json                   | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
index 75f1bad..93807f1 100644
--- a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
+++ b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
@@ -108,11 +108,11 @@
       "title": "Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()",
       "description": [
         "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "Some web applications will serve untrusted HTML for download. Some versions of Internet Explorer by default open those HTML files in the context of your site. This means that an untrusted HTML page could start doing bad things in the context of your pages. This middleware sets the X-Download-Options header to noopen. This will prevent IE users from executing downloads in the trusted site’s context."
+        "有些网站会下载不安全的 HTML 文件，某些版本的 IE 默认情况下还在你网站的作用域下打开这些 HTML 文件。换句话说，这些不安全的 HTML 页面可以在你的网站做恶意行为。我们可以通过中间件来设置 ``X-Download-Options`` 头部为 to ``noopen``。这可以防治 IE 在信任的网站下执行下载的文件。"
       ],
       "tests": [
         {
-          "text": "helmet.ieNoOpen() middleware should be mounted correctly",
+          "text": "helmet.ieNoOpen() 中间件应该被正确加载",
           "testString": "getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'ienoopen'); assert.equal(data.headers['x-download-options'], 'noopen'); }, xhr => { throw new Error(xhr.responseText); })"
         }
       ],

From f23eb16d5fed0f1b637cfc0cdbd4016194abf626 Mon Sep 17 00:00:00 2001
From: Stanley Lau <stanley@mmldigi.com>
Date: Wed, 1 Aug 2018 21:42:14 +0800
Subject: [PATCH 7/7] Fix typo

---
 .../information-security-with-helmetjs.json                     | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
index 93807f1..4b4178f 100644
--- a/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
+++ b/06-information-security-and-quality-assurance/information-security-with-helmetjs.json
@@ -108,7 +108,7 @@
       "title": "Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()",
       "description": [
         "温馨提醒，本项目在 <a href='https://glitch.com/#!/import/github/freeCodeCamp/boilerplate-infosec/'>这个 Glitch 项目</a> 的基础上进行开发。你也可以从 <a href='https://github.com/freeCodeCamp/boilerplate-infosec/'>GitHub</a> 上克隆。",
-        "有些网站会下载不安全的 HTML 文件，某些版本的 IE 默认情况下还在你网站的作用域下打开这些 HTML 文件。换句话说，这些不安全的 HTML 页面可以在你的网站做恶意行为。我们可以通过中间件来设置 ``X-Download-Options`` 头部为 to ``noopen``。这可以防治 IE 在信任的网站下执行下载的文件。"
+        "有些网站会下载不安全的 HTML 文件，某些版本的 IE 默认情况下还会在你网站的作用域下打开这些 HTML 文件。换句话说，这些不安全的 HTML 页面可以在你的网站做恶意行为。我们可以通过中间件来设置 ``X-Download-Options`` 头部为 ``noopen``。这样就可以防治 IE 在不信任的网站下执行下载的文件。"
       ],
       "tests": [
         {