
tag fix for 50.6.1, new tag 'deprecates'
Elar Lang authored and tghosth committed Dec 21, 2023
1 parent f54b7ed commit d5c6c3e
Showing 1 changed file with 3 additions and 3 deletions.
6 changes: 3 additions & 3 deletions 5.0/en/0x50-V50-Web-Frontend-Security.md
@@ -6,7 +6,7 @@ The category focuses on requirements which protect against attacks that are exec

| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **50.1.1** | [ADDED] Verify that separate applications are hosted on different hostnames to benefit from the restrictions provided by the "same-origin policy" including how documents or scripts loaded by one origin can interact with resources from another origin and hostname restrictions on cookies. |||| 668 |
| **50.1.1** | [ADDED, DEPRECATES 3.4.5] Verify that separate applications are hosted on different hostnames to benefit from the restrictions provided by the "same-origin policy" including how documents or scripts loaded by one origin can interact with resources from another origin and hostname restrictions on cookies. |||| 668 |

## V50.2 Browser Security Mechanism Headers

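Review bot: the new DEPRECATES tag on 50.1.1 sits alongside ADDED, which reads as contradictory: a requirement that supersedes 3.4.5 is a move or modification of existing content rather than a pure addition, so either drop ADDED or use the file's existing [MODIFIED, MOVED FROM 3.4.5] convention if the wording derives from 3.4.5, and keep DEPRECATES for cases where the old requirement is retired without its text being carried over. Since this commit touches only this file, 3.4.5 in the V3 chapter still needs a matching tag pointing at 50.1.1 so a reader of either chapter can follow the cross-reference.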
@@ -49,13 +49,13 @@ The category should contain requirements with ideas:
| :---: | :--- | :---: | :---: | :---: | :---: |
| **50.5.1** | [GRAMMAR, MOVED FROM 12.5.2] Verify that direct requests to uploaded files will never be executed as HTML and JavaScript content. |||| 434 |
| **50.5.2** | [MODIFIED, MOVED FROM 1.12.2] Verify that user-uploaded files - if required to be displayed or downloaded from the application - are served by either octet stream downloads, or from an unrelated domain, such as a cloud file storage bucket. | ||| 646 |
| **50.5.3** | [ADDED] Verify that to prevent browsers from rendering content or functionality in HTTP responses in an incorrect context, security controls are in place (e.g. not serving the content unless headers indicate it is the correct context, Content-Security-Policy: sandbox, Content-Disposition: attachment, etc). For example when an API or other resource is loaded directly. |||| |
| **50.5.3** | [ADDED, DEPRECATES 14.4.2] Verify that to prevent browsers from rendering content or functionality in HTTP responses in an incorrect context, security controls are in place (e.g. not serving the content unless headers indicate it is the correct context, Content-Security-Policy: sandbox, Content-Disposition: attachment, etc). For example when an API or other resource is loaded directly. |||| |

## V50.6 External Resource Integrity

| # | Description | L1 | L2 | L3 | CWE |
| :---: | :--- | :---: | :---: | :---: | :---: |
| **50.6.1** | [MODIFIED, MOVED FROM ] Verify that if client-side assets, such as JavaScript libraries, CSS or web fonts, are hosted externally on a Content Delivery Network (CDN) or external provider, Subresource Integrity (SRI) is used to validate the integrity of the asset. |||| 829 |
| **50.6.1** | [MODIFIED, MOVED FROM 14.2.3] Verify that if client-side assets, such as JavaScript libraries, CSS or web fonts, are hosted externally on a Content Delivery Network (CDN) or external provider, Subresource Integrity (SRI) is used to validate the integrity of the asset. |||| 829 |

## V50.7 Other Browser Security Considerations

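Review bot: 50.5.3 now carries DEPRECATES 14.4.2 but remains the only row in this hunk with an empty CWE column; if 14.4.2 had a CWE mapping it should be carried over here so the deprecation does not silently drop it. As with the first hunk, the counterpart entries in the V14 chapter (14.4.2 marked as deprecated by 50.5.3 and 14.2.3 marked as moved to 50.6.1) are not part of this single-file commit and should land with it so both chapters agree. The 50.6.1 change itself looks right as far as this hunk shows: only the empty MOVED FROM reference is filled in and the requirement text and CWE 829 are unchanged.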