gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
main
freeCodeCamp/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen.md
GM Fuster 3b056aa7b4 chore(replit): use correct brand name across codebase (#41941) 
* replace repl.it with replit.com in the English version

Replace repl.it to replit.com in the English version.  Chinese and Spanish versions have the same issue.

* Updated the repl.it to replit.com or Replit

I changed the text from replit.com to Replit and added the changes to the files outside the curriculum folder.

* Forgot removing one .com.

There was on Replit.com that I missed when I reviewed the files.

* Resolve conflicts

I got an unable to auto merge so resolving conflicts and trying again.

* try committing conflicts again

* Trying the conflicts again

* chore: fix typo in personal library

Co-authored-by: Shaun Hamilton <51722130+ShaunSHamilton@users.noreply.github.com>

Co-authored-by: gemmaf98 <44875585+gemmaf98@users.noreply.github.com>
Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>
Co-authored-by: Shaun Hamilton <51722130+ShaunSHamilton@users.noreply.github.com>
2021-04-29 11:13:38 +01:00

1.5 KiB
Raw Permalink Blame History

id, title, challengeType, forumTopicId, dashedName
id title challengeType forumTopicId dashedName
587d8248367417b2b2512c3b Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen() 2 301584 prevent-ie-from-opening-untrusted-html-with-helmet-ienoopen

--description--

As a reminder, this project is being built upon the following starter project on Replit, or cloned from GitHub.

Some web applications will serve untrusted HTML for download. Some versions of Internet Explorer by default open those HTML files in the context of your site. This means that an untrusted HTML page could start doing bad things in the context of your pages. This middleware sets the X-Download-Options header to noopen. This will prevent IE users from executing downloads in the trusted sites context.

--instructions--

Use the helmet.ieNoOpen() method on your server.

--hints--

helmet.ieNoOpen() middleware should be mounted correctly

(getUserInput) =>
  $.get(getUserInput('url') + '/_api/app-info').then(
    (data) => {
      assert.include(data.appStack, 'ienoopen');
      assert.equal(data.headers['x-download-options'], 'noopen');
    },
    (xhr) => {
      throw new Error(xhr.responseText);
    }
  );

--solutions--

/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/