You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: javascript/ql/src/Security/CWE-693/InsecureHelmet.qhelp
+2-2Lines changed: 2 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -2,7 +2,7 @@
2
2
<qhelp>
3
3
<overview>
4
4
<p>
5
-
<ahref="https://helmetjs.github.io/">Helmet</a> is a collection of middleware functions for securing Express apps. It sets various HTTP headers to guard against common web vulnerabilities.<br>
5
+
<ahref="https://helmetjs.github.io/">Helmet</a> is a collection of middleware functions for securing Express apps. It sets various HTTP headers to guard against common web vulnerabilities.
6
6
7
7
This query detects Helmet misconfigurations that can lead to security vulnerabilities, specifically:
8
8
</p>
@@ -13,7 +13,7 @@
13
13
</ul>
14
14
15
15
<p>
16
-
Content Security Policy (CSP) helps spot and prevent injection attacks such as Cross-Site Scripting (XSS).<br>
16
+
Content Security Policy (CSP) helps spot and prevent injection attacks such as Cross-Site Scripting (XSS).
17
17
18
18
Removing frame protections exposes an application to attacks such as clickjacking, where an attacker can trick a user into clicking on a button or link on a targeted page when they intended to click on the page carrying out the attack.
0 commit comments