Security

In combostrap, we are taking security very seriously.

Below are the steps that we have taken to prevent the following attack.

Every form uses a token to prevent a cross-site request attack (CSRF))

To prevent an injection attack

• every HTML output is escaped to prevent HTML/Javascript injection.
• every SQL input is passed through parameters to prevent SQL injection
• every SVG got the script node deleted.

We apply the Content Security Policy framework.

By default, we disallow:

• the framing of the website to prevent clickjacking.
• the use of http and https at the same time

We set the Referrer-Policy to not send private URL to external domain.

Dokuwiki follows also this rules (see devel:security). We are making use of the CSRF token functionality.

For any security concern or issue, you can contact us at security [at] combostrap [dot] com