null/Queue-North-Website
null
/
Queue-North-Website
1
0
Fork 0
Code Issues 18 Pull Requests Packages Projects Releases Wiki Activity

P2: CSP allows unsafe-inline for styles — weakens XSS protection #12

New Issue
Open
opened 2026-05-13 20:40:03 -05:00 by null · 0 comments
null commented 2026-05-13 20:40:03 -05:00
Owner
Copy Link

Severity: P2 — Medium

File: server/index.js ~line 102

Problem: styleSrc includes unsafe-inline, which allows inline styles and defeats CSPs primary security benefit.

Impact: XSS vulnerability — attackers can inject inline styles with malicious CSS.

Fix: Use nonce-based CSP for styles instead of unsafe-inline.

## Severity: P2 — Medium **File:** server/index.js ~line 102 **Problem:** styleSrc includes unsafe-inline, which allows inline styles and defeats CSPs primary security benefit. **Impact:** XSS vulnerability — attackers can inject inline styles with malicious CSS. **Fix:** Use nonce-based CSP for styles instead of unsafe-inline.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
dev
main
v0.2.0
v0.1.1
v0.1.0
Labels
Clear labels
No items
No Label
Milestone
Clear milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: null/Queue-North-Website#12
No description provided.
Delete Branch "%!s(<nil>)"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?