
Commit cd23779

committed
update
1 parent bba6f2f commit cd23779

File tree

1 file changed

+6
-5
lines changed


src/routes/solid-start/guides/security.mdx

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -13,10 +13,11 @@ To protect your application from XSS attacks:
1313

1414
1. Avoid using [`innerHTML`](/reference/jsx-attributes/innerhtml-or-textcontent#innerhtml-or-textcontent) when possible.
1515
If you must use it, sanitize the content before rendering with libraries such as [DOMPurify](https://github.com/cure53/DOMPurify).
16-
2. Set a Content Security Policy (CSP).
17-
3. Validate and sanitize user inputs.
16+
2. Validate and sanitize user inputs.
1817
Always validate form inputs on the server in addition to the client.
19-
4. Use the `HttpOnly` and `Secure` attributes on cookies.
18+
3. Set a Content Security Policy (CSP).
19+
20+
We highly recommend you read [Cross Site Scripting Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross_Site_Scripting_Prevention_Cheat_Sheet.html) for more guidance.
2021

2122
## CSP (Content Security Policy)
2223

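Review bot: the old item 4 ("Use the `HttpOnly` and `Secure` attributes on cookies", old line 19) is deleted outright rather than moved, and nothing else in the hunk carries that advice. `HttpOnly` keeps the session cookie out of reach of injected script and `Secure` keeps it off plaintext connections, so it is a real limit on what an XSS bug can steal; suggest either keeping it as item 4 of this list or relocating it to a cookie/session part of the same guide so the recommendation is not lost. Renumbering CSP to item 3 after input validation and the added pointer to the OWASP XSS cheat sheet are fine.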
@@ -141,7 +142,7 @@ export default createMiddleware({
141142

142143
## CSRF (Cross-Site Request Forgery)
143144

144-
To prevent CSRF attacks, you can use a middleware to block untrusted requests.
145+
To prevent CSRF attacks, you can use a middleware to block untrusted requests:
145146

146147
```tsx
147148
import { createMiddleware } from "@solidjs/start/middleware";
@@ -201,4 +202,4 @@ export default createMiddleware({
201202
This example demonstrates a basic implementation of CSRF protection that checks for the `Origin` and `Referer` headers and blocks requests that are not from trusted origins.
202203
In addition, consider implementing a more comprehensive CSRF protection mechanism such as [Double-Submit Cookie Pattern](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#alternative-using-a-double-submit-cookie-pattern).
203204

204-
We highly recommend you read through [Cross-Site Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html) for more guidance.
205+
We highly recommend you read [Cross-Site Request Forgery Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html) for more guidance.
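Review bot: the "read through" to "read" wording change on new line 205 is fine, but the unchanged sentence just above it calls the Double-Submit Cookie Pattern "a more comprehensive CSRF protection mechanism", while the linked anchor (`#alternative-using-a-double-submit-cookie-pattern`) presents it as OWASP's alternative pattern. Suggest toning that sentence down to something like "consider adding a token-based CSRF defence, for example the Double-Submit Cookie Pattern" so the Origin/Referer middleware above is clearly the baseline and the token is the added layer, not a stronger replacement.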
