oreoshake/paranoidmode.md

Last active April 23, 2016 17:37

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/oreoshake/4159d9aa2f0603b1b664d1e379ca5c7a.js"></script>
Save oreoshake/4159d9aa2f0603b1b664d1e379ca5c7a to your computer and use it in GitHub Desktop.

Download ZIP

An idea for a terrible feature that dreams of becoming a reality (Maybe 5 sites on the internet would work, including GitHub)

Raw

paranoidmode.md

No inline script
no eval
no mixed content
https required
no referrer leaks
no tabnabbing
no cross origin framing
no cross window/tab references
no unpinned certs
no non-Sri resources
secure/http only/samesite required for all cookies
offsite redirects require second header declaring eligibility
no jsonp
nested form tags raise an error

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment