freeCodeCamp/curriculum/challenges/english/09-information-security/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen.english.md
Kristofer Koishigawa 6b3c61c737 feat: update backend project links (#39314)
* feat: update backend project links

Replace solution and remix Glitch links with equivalent Repl.it links in backend projects/challenges and intro pages.

* fix: link and Repl.it casing

* fix: update mention of glitch in testing challenge

* Apply suggestions from code review

Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>

Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>
Co-authored-by: Oliver Eyton-Williams <ojeytonwilliams@gmail.com>
2020-08-17 14:38:16 -07:00

1.6 KiB

id: 587d8248367417b2b2512c3b
title: Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen()
challengeType: 2
isHidden: false
forumTopicId: 301584

Description

As a reminder, this project is being built upon the following starter project on Repl.it, or cloned from GitHub.

Some web applications serve untrusted HTML for download. By default, some versions of Internet Explorer open those HTML files in the context of your site. This means that an untrusted HTML page could start doing bad things in the context of your pages. This middleware sets the X-Download-Options header to noopen, which prevents IE users from executing downloads in the trusted site's context.
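The following is an added example, not code from the challenge or from helmet's source: an Express-style middleware with the effect described above, run against a mock response so the header can be checked without a server. The `serveUpload` handler, the mock response, and the `auditDownload` check are hypothetical names constructed for illustration.

```javascript
// Middleware with the effect the description attributes to helmet.ieNoOpen():
// every response gets "X-Download-Options: noopen". Not helmet's own code.
function ieNoOpen() {
  return function ieNoOpenMiddleware(req, res, next) {
    res.setHeader('X-Download-Options', 'noopen');
    next();
  };
}

// Hypothetical route handler: serves user-supplied HTML as a file download.
function serveUpload(req, res) {
  res.setHeader('Content-Type', 'text/html');
  res.setHeader('Content-Disposition', 'attachment; filename="upload.html"');
  res.end(req.body);
}

// Minimal stand-in for an HTTP response object (assumption: only the
// setHeader/end subset used here is modelled).
function mockResponse() {
  const headers = {};
  return {
    headers,
    body: null,
    setHeader(name, value) { headers[name.toLowerCase()] = String(value); },
    end(body) { this.body = body; },
  };
}

// Run a middleware stack in order, the way an Express app would.
function run(stack, req) {
  const res = mockResponse();
  let i = 0;
  const next = () => { const fn = stack[i++]; if (fn) fn(req, res, next); };
  next();
  return res;
}

// Defensive check: a download response is acceptable only if it carries noopen.
function auditDownload(res) {
  const isDownload = /^attachment\b/i.test(res.headers['content-disposition'] || '');
  const noopen = (res.headers['x-download-options'] || '').toLowerCase() === 'noopen';
  return { isDownload, noopen, ok: !isDownload || noopen };
}

// Constructed sample request carrying untrusted HTML.
const sampleReq = { url: '/uploads/1', body: '<p>constructed sample upload</p>' };
const unprotected = run([serveUpload], sampleReq);
const hardened = run([ieNoOpen(), serveUpload], sampleReq);
console.log(auditDownload(unprotected), auditDownload(hardened));
```

In a real Express app the equivalent is mounting `helmet.ieNoOpen()` with `app.use(...)` before the download routes, which is what the challenge test checks through the `x-download-options` header.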

Instructions

Tests

tests:
  - text: helmet.ieNoOpen() middleware should be mounted correctly
    testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'ienoopen'); assert.equal(data.headers['x-download-options'], 'noopen'); }, xhr => { throw new Error(xhr.responseText); })

Challenge Seed

Solution

/**
  Backend challenges don't need solutions, 
  because they would need to be tested against a full working project. 
  Please check our contributing guidelines to learn more.
*/