前端的常规安全策略
<p></p><ul><li><span style="font-size:10.5ptpx"><span style="color:
#24292e"><span style="background-color:
#ffffff"><span style="letter-spacing:0ptpx">定期请第三方机构做安全性测试,漏洞扫描</span></span></span></span></li><li><span style="font-size:10.5ptpx"><span style="color:
#24292e"><span style="background-color:
#ffffff"><span style="letter-spacing:0ptpx">使用第三方开源库做上线前的安全测试,可以考虑融合到CI中</span></span></span></span></li><li><span style="font-size:10.5ptpx"><span style="color:
#24292e"><span style="background-color:
#ffffff"><span style="letter-spacing:0ptpx">code review 保证代码质量</span></span></span></span></li><li><span style="font-size:10.5ptpx"><span style="color:
#24292e"><span style="background-color:
#ffffff"><span style="letter-spacing:0ptpx">默认项目中设置对应的 Header 请求头,如 X-XSS-Protection、 X-Content-Type-Options 、X-Frame-Options Header、Content-Security-Policy 等等</span></span></span></span></li><li><span style="font-size:10.5ptpx"><span style="color:
#24292e"><span style="background-color:
#ffffff"><span style="letter-spacing:0ptpx">对第三方包和库做检测:NSP(Node Security Platform),Snyk</span></span></span></span></li></ul><p></p>
