-
I have created an Material-themed MkDocs site for my company's technical documentation. I am using the search.suggest feature and am wondering if there is any input validation or content security policy employed to protect the search feature from being abused? My goal is to ensure the search feature is not vulnerable to any type of attack. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 5 replies
-
MkDocs generates a static site. Since there's no data sent to a server, not validation is done on our side. What we make sure is that deep linking to search results does not allow for XSS. Content security policy should, in general, be set on the server-side, but you could also add the respective |
Beta Was this translation helpful? Give feedback.
-
@squidfunk I am having some trouble in one area of the content security policy I am creating as a meta tag. I have chevron icons in the left navigation section that when clicked show other pages to navigate to. For some reason my CSP is not allowing those icons to load and I am not sure the source of them. Any way you can help me understand their source?
|
Beta Was this translation helpful? Give feedback.
You can use customization, specifically block overrides and add it to the
meta
block.