zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-17 07:33:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: harden unicode safety checks

Browse Source
This commit is contained in:
Affaan Mustafa
2026-03-29 08:59:06 -04:00
parent dd675d4258
commit 866d9ebb53
239 changed files with 3780 additions and 3962 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
docs/ko-KR/skills/security-review/SKILL.md
View File

@@ -140,10 +140,10 @@ await db.query(
#### JWT 토큰 처리
```typescript
// WRONG: localStorage (vulnerable to XSS)
// FAIL: WRONG: localStorage (vulnerable to XSS)
localStorage.setItem('token', token)
// CORRECT: httpOnly cookies
// PASS: CORRECT: httpOnly cookies
res.setHeader('Set-Cookie',
`token=${token}; HttpOnly; Secure; SameSite=Strict; Max-Age=3600`)
```
@@ -302,18 +302,18 @@ app.use('/api/search', searchLimiter)
#### 로깅
```typescript
// WRONG: Logging sensitive data
// FAIL: WRONG: Logging sensitive data
console.log('User login:', { email, password })
console.log('Payment:', { cardNumber, cvv })
// CORRECT: Redact sensitive data
// PASS: CORRECT: Redact sensitive data
console.log('User login:', { email, userId })
console.log('Payment:', { last4: card.last4, userId })
```
#### 에러 메시지
```typescript
// WRONG: Exposing internal details
// FAIL: WRONG: Exposing internal details
catch (error) {
return NextResponse.json(
{ error: error.message, stack: error.stack },
@@ -321,7 +321,7 @@ catch (error) {
)
}
// CORRECT: Generic error messages
// PASS: CORRECT: Generic error messages
catch (error) {
console.error('Internal error:', error)
return NextResponse.json(