gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Files
95aacb6c025a5234c5d517adc4267a64595d91e9
freeCodeCamp/curriculum/challenges/english/06-information-security-and-quality-assurance/information-security-with-helmetjs/prevent-ie-from-opening-untrusted-html-with-helmet.ienoopen.english.md
Valeriy 79d9012432 fix(curriculum): quotes in tests (#18828) 
* fix(curriculum): tests quotes

* fix(curriculum): fill seed-teardown

* fix(curriculum): fix tests and remove unneeded seed-teardown
2018-10-20 23:32:47 +05:30

1.4 KiB
Raw Blame History

id, title, challengeType
id title challengeType
587d8248367417b2b2512c3b Prevent IE from Opening Untrusted HTML with helmet.ieNoOpen() 2

Description

As a reminder, this project is being built upon the following starter project on Glitch, or cloned from GitHub. Some web applications will serve untrusted HTML for download. Some versions of Internet Explorer by default open those HTML files in the context of your site. This means that an untrusted HTML page could start doing bad things in the context of your pages. This middleware sets the X-Download-Options header to noopen. This will prevent IE users from executing downloads in the trusted sites context.

Instructions

Tests

tests:
  - text: helmet.ieNoOpen() middleware should be mounted correctly
    testString: getUserInput => $.get(getUserInput('url') + '/_api/app-info').then(data => { assert.include(data.appStack, 'ienoopen'); assert.equal(data.headers['x-download-options'], 'noopen'); }, xhr => { throw new Error(xhr.responseText); })

Challenge Seed

Solution

// solution required