50.4.2 XSSI wording improvement++
elarlang authored Dec 28, 2023
1 parent e55b133 commit 46dba30
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion 5.0/en/0x50-V50-Web-Frontend-Security.md
Expand Up @@ -41,7 +41,7 @@ The category should contain requirements with ideas:
| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **50.4.1** | [ADDED] Verify that JSONP functionality is not enabled anywhere across the application to avoid Cross-Site Script Inclusion (XSSI) attacks. |||| |
| **50.4.2** | [ADDED] Verify that data which should require authorization to access is not returned in script resource responses to avoid Cross-Site Script Inclusion (XSSI) attacks. |||| |
| **50.4.2** | [ADDED] Verify that data that should require authorization to access is not returned in script resource responses, such as JavaScript files, to avoid Cross-Site Script Inclusion (XSSI) attacks. |||| |

## V50.5 Unintended Content Interpretation
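
Review bot: In the new 50.4.2 row, "data that should require authorization to access" is still wordy, and "should" leaves it unclear whether the requirement covers data that is actually access-controlled or data that ought to be. Consider "data requiring authorization is not included in script resource responses, such as JavaScript files". The CWE cell on this row is also still empty (as on 50.4.1), so a mapping could be added in the same change or tracked separately.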


2 comments on commit 46dba30

@jmanico
Member

May I make a small language suggestion here just to make it more smooth:

"Verify that data requiring authorization is not included in script resource responses, like JavaScript files, to prevent Cross-Site Script Inclusion (XSSI) attacks."

@elarlang
Collaborator Author
