From 3c3a92835d96935b22e11e7ac1c828a648a5e50b Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 09:55:35 +0100 Subject: [PATCH] chore: update roadmap content json (#6684) Co-authored-by: kamranahmedse --- public/roadmap-content/angular.json | 50 +++++- public/roadmap-content/backend.json | 19 ++- public/roadmap-content/cyber-security.json | 10 +- public/roadmap-content/game-developer.json | 55 ++++++- public/roadmap-content/javascript.json | 2 +- public/roadmap-content/nodejs.json | 181 ++++++++++++++++++--- public/roadmap-content/postgresql-dba.json | 10 ++ public/roadmap-content/python.json | 15 +- public/roadmap-content/vue.json | 10 +- 9 files changed, 305 insertions(+), 47 deletions(-) diff --git a/public/roadmap-content/angular.json b/public/roadmap-content/angular.json index 5e577d161..52babbed9 100644 --- a/public/roadmap-content/angular.json +++ b/public/roadmap-content/angular.json @@ -1846,23 +1846,57 @@ }, "mm6c7GLQEwoQdAHdAYzGh": { "title": "Security", - "description": "", - "links": [] + "description": "This topic describes Angular's built-in protections against common web-application vulnerabilities and attacks such as cross-site scripting attacks. It doesn't cover application-level security, such as authentication and authorization.\n\nVisit the following resources to learn more:", + "links": [ + { + "title": "Angular Official Docs - Security", + "url": "https://angular.dev/best-practices/security", + "type": "article" + }, + { + "title": "Open Web Application Security Project (OWASP)", + "url": "https://owasp.org/", + "type": "article" + } + ] }, "umUX4Hxk7srHlFR_Un-u7": { "title": "Cross-site Scripting", - "description": "", - "links": [] + "description": "Cross-site scripting (XSS) enables attackers to inject malicious code into web pages. Such code can then, for example, steal user and login data, or perform actions that impersonate the user. This has been one of the biggest web security vulnerabilities for over a decade.\n\nTo systematically block XSS bugs, Angular treats all values as untrusted by default. When a value is inserted into the DOM from a template binding, or interpolation, Angular sanitizes and escapes untrusted values.\n\nVisit the following resources to learn more:", + "links": [ + { + "title": "Angular Official Docs - Preventing cross-site scripting (XSS)", + "url": "https://angular.dev/best-practices/security#preventing-cross-site-scripting-xss", + "type": "article" + }, + { + "title": "Mitigate cross-site scripting (XSS)", + "url": "https://web.dev/articles/strict-csp", + "type": "article" + } + ] }, "cgI9oeUHufA-ky_W1zENe": { "title": "Sanitization", - "description": "", - "links": [] + "description": "Sanitization is the inspection of an untrusted value, turning it into a value that's safe to insert into the DOM. In many cases, sanitization doesn't change a value at all. Sanitization depends on context: A value that's harmless in CSS is potentially dangerous in a URL.\n\nAngular sanitizes untrusted values for HTML and URLs. Sanitizing resource URLs isn't possible because they contain arbitrary code. In development mode, Angular prints a console warning when it has to change a value during sanitization.\n\nInterpolated content is always escaped —the HTML isn't interpreted and the browser displays angle brackets in the element's text content.\n\nFor the HTML to be interpreted, bind it to an HTML property such as `innerHTML`. Be aware that binding a value that an attacker might control into `innerHTML` normally causes an XSS vulnerability.\n\nVisit the following resources to learn more:", + "links": [ + { + "title": "Angular Official Docs - Sanitization and security contexts", + "url": "https://angular.dev/best-practices/security#sanitization-and-security-contexts", + "type": "article" + } + ] }, "XoYSuv1salCCHoI1cJkxv": { "title": "Trusting Safe Values", - "description": "", - "links": [] + "description": "Sometimes applications genuinely need to include executable code, display an `