mikewest / deprecating-document-domainLinks
`document.domain` intentionally weakens the only security boundary we have. Perhaps we can dump it?
☆17Updated last year
Alternatives and similar repositories for deprecating-document-domain
Users that are interested in deprecating-document-domain are comparing it to the libraries listed below
Sorting:
- WebAppSec Content Security Policy☆220Updated last month
- Fetch Metadata☆75Updated 4 months ago
- A Modest Content Security Proposal☆40Updated 3 years ago
- This is both a terrible and wonderful idea.☆12Updated 5 years ago
- WebAppSec Subresource Integrity☆76Updated last month
- Signature-based Resource Loading Restrictions☆41Updated last week
- Opaque Response Blocking (CORB++)☆35Updated 3 years ago
- Agenda/Minutes of Anti-Fraud Community Group meetings.☆19Updated 3 weeks ago
- ☆23Updated 3 years ago
- Custom ESLint rule to disallows unsafe innerHTML, outerHTML, insertAdjacentHTML and alike☆238Updated 3 months ago
- ☆244Updated last month
- Explainer for Schemeful Same-Site☆15Updated 5 years ago
- Shavar/tracking protection lists used in prod☆150Updated last week
- Secure Contexts, but with _more_ secureness!☆20Updated last year
- New proposals in the Privacy Community Group☆128Updated 3 years ago
- WebAppSec Secure Contexts☆35Updated 6 months ago
- What is browser fingerprinting and how should specification authors address it.☆66Updated 2 weeks ago
- Web Application Security Working Group repo☆633Updated last week
- Test cases and harnesses for URL testing☆30Updated 8 years ago
- Specification for the Client Hints infrastructure - privacy preserving proactive content negotiation☆63Updated last year
- Problem statement and basic mitigations for ephemeral fingerprinting on the web.☆21Updated 4 years ago
- Agenda and minutes of meetings of the Privacy Community Group☆100Updated 2 months ago
- ☆365Updated 6 months ago
- Cookies should take scheme into account, just like every other storage mechanism on the web.☆16Updated 5 years ago
- Security contract types☆60Updated 2 years ago
- 🔒🔍 A Go package to scan sites against requirements for Chromium-maintained HSTS preload list.☆121Updated 2 months ago
- Parse Content Security Policy headers, warn about policy errors, safely manipulate, render, and optimise policies☆72Updated 11 months ago
- What if developers could opt-into better default behaviors en masse, forcing them to pick and choose the legacy risks they want to enable…☆19Updated 2 years ago
- Suborigins☆25Updated 4 years ago
- Post-Spectre Web Development☆18Updated 2 years ago