Lesson 043: PII Sanitization in Static JSON Exports
The static site serves pre-built JSON files from a public URL. The warehouse database contains voter surrogate keys (vot...
A structured review skill turns the ad-hoc "look at this code and tell me what's wrong" request into a repeatable, evide...
A Content Security Policy (CSP) is achievable on a static site without server-side headers by using a <meta> tag. The ch...
XML entity encoding bugs (Q&amp;A vs Q&A) are the most common class of data corruption in XML content pipelines. They're...
Using innerHTML to render content from "your own" data files (XML, JSON, markdown) is an XSS vulnerability even when the...