Implement Trusted Types #16

Closed
4 tasks done
henrym2 opened this issue Jul 28, 2020 · 0 comments · Fixed by #22
henrym2 commented Jul 28, 2020

Expected Behavior

Trusted Types will help reduce the scope of browser XSS sinks in the application. However, as the application is primarily server side, with limited scope of JavaScript interaction, the implementation of this feature should simply provide a mechanism for defining Trusted Types headers and, if possible, an implementation guide as to how to use them in an application.

Steps to implement a solution

  • Understand Symfony CSP scope
  • Define headers for Trusted Types
  • Devise sensible Trusted Types policies
  • Produce Trusted Types policy implementation guides
@henrym2 henrym2 added documentation Improvements or additions to documentation enhancement New feature or request labels Jul 28, 2020
@henrym2 henrym2 added this to the MVP milestone Jul 28, 2020
@henrym2 henrym2 self-assigned this Jul 28, 2020
@henrym2 henrym2 moved this from To do to In progress in Ise web security bundle Aug 6, 2020
@henrym2 henrym2 moved this from In progress to In Review in Ise web security bundle Aug 27, 2020
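
As an added illustration of the issue's two halves (this is not code from the bundle or from the issue author): a sketch that builds the Trusted Types CSP header with validated policy names, and the matching client-side policy. The function names and the `app-html` policy name are assumptions made for the example.

```javascript
// Added example: helper names and the "app-html" policy name are hypothetical.
// tt-policy-name grammar from the Trusted Types spec; anything else (spaces,
// ';', quotes) could smuggle extra directives into the header, so reject it.
const POLICY_NAME = /^[A-Za-z0-9\-#=_\/@.%]+$/;

// Server side: build the CSP header that enforces Trusted Types.
function buildTrustedTypesHeader({ policies = [], allowDuplicates = false, reportOnly = false } = {}) {
  for (const name of policies) {
    if (typeof name !== "string" || !POLICY_NAME.test(name)) {
      throw new Error(`invalid Trusted Types policy name: ${JSON.stringify(name)}`);
    }
  }
  // An empty allowlist becomes 'none': no policy may be created at all.
  const names = policies.length ? [...policies] : ["'none'"];
  if (allowDuplicates && policies.length) names.push("'allow-duplicates'");
  return {
    // Report-only mode lets violations be collected before enforcing.
    name: reportOnly ? "Content-Security-Policy-Report-Only" : "Content-Security-Policy",
    value: `require-trusted-types-for 'script'; trusted-types ${names.join(" ")}`,
  };
}

// Client side: the rule a policy applies before a string reaches an HTML sink.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(input) {
  return String(input).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Registers the policy where the browser supports Trusted Types; returns null
// elsewhere (older browsers, Node), where callers fall back to escapeHtml().
function installPolicy(name) {
  const tt = globalThis.trustedTypes;
  if (!tt || typeof tt.createPolicy !== "function") return null;
  return tt.createPolicy(name, { createHTML: escapeHtml });
}

const header = buildTrustedTypesHeader({ policies: ["app-html"], reportOnly: true });
console.log(`${header.name}: ${header.value}`);
```

The policy name passed to `installPolicy` has to appear in the `trusted-types` allowlist the server sends, otherwise the browser refuses to create it.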