web-security

Original🇺🇸 English
Translated

Enforce web security and avoid security vulnerabilities

8installs
Sourceacademind/ai-config
Added on

NPX Install

npx skill4agent add academind/ai-config web-security

Tags

Translated version includes tags in frontmatter
web-securityxss-protectionauthentication-authorizationcsp-practicessupply-chain-security

SKILL.md Content

View Translation Comparison →

Web Security

We treat web security as a core requirement, not an afterthought. Assume hostile input and untrusted environments by default.

Core Principles

  • NEVER trust user input
  • ALWAYS validate and sanitize data at boundaries
  • Prefer secure defaults over configurability

XSS & Injection

  • AVOID 
    dangerouslySetInnerHTML
    and raw HTML injection
  • Escape and encode dynamic content properly
  • Never interpolate untrusted data into HTML, CSS, or JS contexts
  • Ensure SQL injection protection

Authentication & Authorization

  • Do not store secrets or tokens in insecure locations
  • AVOID localStorage for sensitive credentials when possible
  • Use HTTP-only, secure cookies where applicable
  • Always enforce authorization on the server

Browser Security APIs

  • Respect CORS, CSP, and browser security boundaries
  • Use Content Security Policy to restrict script and resource execution
  • Avoid inline scripts and styles when CSP is enabled

Data Handling

  • Minimize data exposure
  • Do not log sensitive information

Dependencies & Supply Chain

  • Avoid unnecessary packages
  • Treat third-party code as untrusted input

General Principles

  • Simplicity reduces attack surface
  • If unsure, choose the more restrictive option