- Validate arguments from events.
- Validate inputs and results from JS interop calls.
- Avoid using (or validate beforehand) user input for .NET to JS interop calls.
- Prevent the client from allocating an unbound amount of memory.
  - Data within the component.
  - DotNetObject references returned to the client.
- Guard against multiple dispatches.
- Cancel long-running operations when the component is disposed.
- Avoid events that produce large amounts of data.
- Avoid using user input as part of calls to NavigationManager.NavigateTo and validate user input for URLs against a set of allowed origins first if unavoidable.
- Don't make authorization decisions based on the state of the UI but only from component state.
- Consider using Content Security Policy (CSP) to protect against XSS attacks.
- Consider using CSP and X-Frame-Options to protect against click-jacking.
- Ensure CORS settings are appropriate when enabling CORS or explicitly disable CORS for Blazor apps.
- Test to ensure that the server-side limits for the Blazor app provide an acceptable user experience without unacceptable levels of risk.
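
One way to apply the NavigationManager.NavigateTo item above, as an added example that is not part of the original checklist: parse the user-supplied URL and compare its origin against an allow list before navigating. The class name `NavigationGuard` and the listed origins are hypothetical placeholders.

```csharp
using System;
using System.Collections.Generic;

public static class NavigationGuard
{
    // Assumption: placeholder origins; list the ones your app trusts.
    private static readonly HashSet<string> AllowedOrigins =
        new(StringComparer.OrdinalIgnoreCase)
        { "https://app.example.com", "https://docs.example.com" };

    // True only for absolute http(s) URLs whose scheme + host + port
    // exactly match an allowed origin.
    public static bool TryGetAllowedTarget(string? userInput, out Uri? target)
    {
        target = null;
        if (string.IsNullOrWhiteSpace(userInput)) return false;
        if (!Uri.TryCreate(userInput.Trim(), UriKind.Absolute, out var uri)) return false;

        // Rejects javascript:, data:, file: and other non-web schemes.
        if (uri.Scheme != Uri.UriSchemeHttp && uri.Scheme != Uri.UriSchemeHttps) return false;

        // Reject embedded credentials (user@host), which disguise the real host.
        if (!string.IsNullOrEmpty(uri.UserInfo)) return false;

        // Compare the parsed origin, never a prefix of the raw string.
        var origin = uri.GetComponents(UriComponents.SchemeAndServer, UriFormat.Unescaped);
        if (!AllowedOrigins.Contains(origin)) return false;

        target = uri;
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample inputs: an allowed URL, a look-alike host,
        // a userinfo trick, and a non-web scheme.
        string[] samples =
        {
            "https://app.example.com/orders/42",
            "https://app.example.com.other.test/",
            "https://app.example.com@other.test/",
            "javascript:void(0)",
        };
        foreach (var s in samples)
            Console.WriteLine($"{NavigationGuard.TryGetAllowedTarget(s, out _),-5} {s}");
    }
}
```

In a component, call `NavigateTo(target.AbsoluteUri)` only when the check returns true, and fall back to a fixed in-app page otherwise.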