Security Best Practices
Category: htmlAn overview of security best practices in HTML.
Content Security Policy
<meta http-equiv="Content-Security-Policy"
content="default-src 'self'; script-src 'self' https://trusted.com" />
Subresource Integrity
<script
src="https://cdn.example.com/library.js"
integrity="sha384-hash..."
crossorigin="anonymous"
></script>
Secure External Links
<!-- Always use rel="noopener" for target="_blank" -->
<a href="https://external.com" target="_blank" rel="noopener noreferrer">
External Site
</a>
Iframe Sandboxing
<iframe
src="/embed"
sandbox="allow-scripts"
allow="camera 'none'; microphone 'none'"
></iframe>