1.12.2 TODOΒΆ
Verify that user-uploaded files - if required to be displayed or downloaded from the application - are served by either octet stream downloads, or from an unrelated domain, such as a cloud file storage bucket. Implement a suitable content security policy to reduce the risk from XSS vectors or other attacks from the uploaded file.
| Level 1 | |
| Level 2 | X |
| Level 3 | X |
| CWE | NIST |
|---|---|
| 646 |