https://github.com/netlify/csp_nonce_html_transformer

Last synced: 4 months ago
JSON representation

Host: GitHub
URL: https://github.com/netlify/csp_nonce_html_transformer
Owner: netlify
License: bsd-3-clause
Created: 2024-11-08T14:22:58.000Z (8 months ago)
Default Branch: main
Last Pushed: 2025-02-24T04:45:29.000Z (4 months ago)
Last Synced: 2025-02-27T12:42:20.937Z (4 months ago)
Language: TypeScript
Size: 2.89 MB
Stars: 1
Watchers: 1
Forks: 0
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# csp_nonce_html_transformer

Use a [nonce](https://content-security-policy.com/nonce/) for the `script-src`
directive of your Content Security Policy (CSP) to help prevent
[cross-site scripting (XSS)](https://developer.mozilla.org/en-US/docs/Web/Security/Types_of_attacks#cross-site_scripting_xss)
attacks.

This functions takes a response and will add a header and transforms the HTML
response body to contain a unique nonce on every request.

Scripts that do not contain a matching `nonce` attribute, or that were not
created from a trusted script (see
[strict-dynamic](https://content-security-policy.com/strict-dynamic/)), will not
be allowed to run.

If the response already has a CSP, this will merge the directives it generates
with your the directives.

## License

This project is licensed under the BSD 3-Clause license.

`csp_nonce_html_transformer` is based on
[remorses/htmlrewriter](https://github.com/remorses/htmlrewriter) which is BSD
3-Clause licensed.

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/netlify/csp_nonce_html_transformer

Awesome Lists containing this project

README