What are the security measures that we take?


About

At Combostrap, we take security very seriously and apply the following measures to prevent attacks.

Prevention

Below are the steps that we have taken to prevent the following attacks.

Cross-site request attack

Every form uses a token to prevent a cross-site request attack (CSRF).

Injection Attack

To prevent an injection attack:

  • every HTML output is escaped to prevent HTML/JavaScript injection.
  • every SQL input is passed through parameters to prevent SQL injection.
  • every SVG has its script nodes deleted.
  • no HTML attribute is allowed, with the exception of class. Why? Attributes allow code injection such as clickjacking.
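
The script removal, attribute allowlist and output escaping listed above can be combined in one re-serialising filter. The Python code below is an added example, not ComboStrap's own code; the names AllowlistSanitizer, sanitize, SAFE_TAG and SAMPLE are assumptions made for illustration, and the sample input is constructed.

```python
import re
from html import escape
from html.parser import HTMLParser

ALLOWED_ATTRS = {"class"}  # assumption: mirrors the "class only" rule above
DROPPED_TAGS = {"script"}  # elements removed together with their content
SAFE_TAG = re.compile(r"[a-z][a-z0-9-]*")  # refuse odd tag names such as a<b


class AllowlistSanitizer(HTMLParser):
    """Re-serialise markup, keeping only allowlisted attributes."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside a dropped element

    def handle_starttag(self, tag, attrs):
        if tag in DROPPED_TAGS:
            self.skip_depth += 1
        elif not self.skip_depth and SAFE_TAG.fullmatch(tag):
            kept = "".join(
                f' {name}="{escape(value or "", quote=True)}"'
                for name, value in attrs
                if name in ALLOWED_ATTRS
            )
            self.out.append(f"<{tag}{kept}>")

    def handle_endtag(self, tag):
        if tag in DROPPED_TAGS:
            self.skip_depth = max(0, self.skip_depth - 1)
        elif not self.skip_depth and SAFE_TAG.fullmatch(tag):
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:  # text is decoded by the parser, re-escaped here
            self.out.append(escape(data, quote=False))


def sanitize(markup):
    parser = AllowlistSanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)


# Constructed sample input, not taken from ComboStrap.
SAMPLE = ('<a class="btn" href="javascript:alert(1)" style="position:fixed" '
          'onclick="x()">Hi &amp; bye</a><script>steal()</script>')
```

An unclosed script element leaves skip_depth above zero, so everything after it is dropped rather than emitted.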

Content Security Policy

We apply the Content Security Policy framework.

By default, we disallow:

  • the framing of the website to prevent clickjacking.
  • the use of http and https at the same time (mixed content).

No leak

We set the Referrer-Policy header so that private URLs are not sent to external domains.

Dokuwiki

Dokuwiki also follows these rules (see devel:security). We make use of the CSRF token functionality.

Reporting Security Issues

For any security concern or issue, you can contact us at security [at] combostrap [dot] com



