webhint.io | webhint's website | Web Site library
kandi X-RAY | webhint.io Summary
webhint's website
Community Discussions
Trending Discussions on webhint.io
QUESTION
I am trying to incorporate webhint which is a linting tool that will help you with your site's accessibility, speed, security and more, by checking your code for best practices and common errors.
So its installation is as follows:
- npm install hint --save-dev
- npm create hintrc (creates a config file)
- then I add hint to scripts in package json "hint" : hint
- I run the local server using ng serve in one cmd
- And I run webhint in other cmd using npm run hint -- http://localhost:4200
I wanted to run the ng serve/build along with npm run hint. I tried steps on link https://webhint.io/docs/user-guide/development-flow-integration/local-server/
I also tried &&, | and concurrency but all failed.
What I want is to run both these ng serve/build and npm run hint using one command.
Any help would be appreciated.
...ANSWER
Answered 2019-Apr-02 at 18:18
When an angular application with multiple components is run and webhint is run, the html or json formatters show errors but line numbers are column -1 and row -1.
Most likely this is because the html of the page is generated on the client side so the line/col don't make a lot of sense as it is generated dynamically. If you tell the browser to show the page's code you only obtain the initial html, and if you go to the elements panel in the devtools, line and column don't make sense there.
The errors should have the html of the element with the error and that should hopefully help you identify the template with the issue.
That said, we have plans to improve this experience but need to finish a few things first.
How does webhint traverse the code using routes or urls so I can better understand it ?
When using Chrome or jsdom we wait until the page is loaded and then analyze all the html while keeping track of all the network requests. In the case of the local we analyze all the files in the folder passed as a parameter.
npm run all and concurrency don't work for me. ng serve only keeps running.
Do you have the code somewhere so we can take a look? Enabling the concurrency should launch all tasks simultaneously. Maybe it's a question of adding a delay in webhint or something similar.
Thanks!
QUESTION
I've been running some penetration tests using OWASP ZAP and it raises the following alert for all requests: X-Content-Type-Options Header Missing.
I understand the header, and why it is recommended. It is explained very well in this StackOverflow question.
However, I have found various references that indicate that it is only used for .js and .css files, and that it might actually be a bad thing to set the header for other MIME types:
- Note: nosniff only applies to "script" and "style" types. Also applying nosniff to images turned out to be incompatible with existing web sites. [1]
- Firefox ran into problems supporting nosniff for images (Chrome doesn't support it there). [2]
- Note: Modern browsers only respect the header for scripts and stylesheets and sending the header for other resources (such as images) when they are served with the wrong media type may create problems in older browsers. [3]
The above references (and others) indicate that it is bad to simply set this header for all responses, but despite following any relevant-looking links and searching on Google, I couldn't find any reason behind this argument.
What are the risks/problems associated with setting X-Content-Type-Options: nosniff and why should it be avoided for MIME types other than text/css and text/javascript?
Or, if there are no risks/problems, why are Mozilla (and others) suggesting that there are?
...ANSWER
Answered 2018-Nov-15 at 00:58
I would stick to js, css, text/html, json and xml.
Google recommends using unguessable CSRF tokens provided by the protected resources for other content types, i.e. generate the token using a js resource protected by the nosniff header.
You could add it to everything, but that would just be tedious and as you mentioned above - you may run into compatibility and user issues.
https://www.chromium.org/Home/chromium-security/corb-for-developers
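An added example, not part of the original answer and not code from webhint or OWASP ZAP: a small header audit that applies the "X-Content-Type-Options Header Missing" check only to the media types the answer names. The MIME lists, function names and sample responses are assumptions made for illustration.

```javascript
// Added example: scope the missing-nosniff check to the media types named in
// the answer (js, css, text/html, json, xml). The exact MIME strings chosen
// for each of those types are an assumption.
const NOSNIFF_TYPES = new Set([
  'text/javascript', 'application/javascript', 'application/x-javascript',
  'text/css', 'text/html',
  'application/json', 'application/xml', 'text/xml',
]);

// Reduce a Content-Type value to its bare, lowercased media type.
function mediaType(contentType) {
  if (typeof contentType !== 'string') return '';
  return contentType.split(';')[0].trim().toLowerCase();
}

// True when the declared type is in scope. Structured suffixes are accepted
// only under application/*, so image/svg+xml stays out (images are the case
// the question's references warn about).
function needsNosniff(contentType) {
  const type = mediaType(contentType);
  return NOSNIFF_TYPES.has(type) || /^application\/.+\+(json|xml)$/.test(type);
}

// Case-insensitive header lookup on a plain object of response headers.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? undefined : String(headers[key]);
}

// URLs whose declared type is in scope but which lack a valid "nosniff" value.
function missingNosniff(responses) {
  return responses.filter((r) => {
    const value = (header(r.headers, 'x-content-type-options') || '').trim().toLowerCase();
    return needsNosniff(header(r.headers, 'content-type')) && value !== 'nosniff';
  }).map((r) => r.url);
}

// Constructed sample responses (not taken from a real scan).
const sample = [
  { url: '/app.js', headers: { 'Content-Type': 'text/javascript; charset=utf-8' } },
  { url: '/site.css', headers: { 'content-type': 'text/css', 'X-Content-Type-Options': 'nosniff' } },
  { url: '/api/user', headers: { 'Content-Type': 'application/problem+json', 'X-Content-Type-Options': 'no-sniff' } },
  { url: '/logo.png', headers: { 'Content-Type': 'image/png' } },
  { url: '/icon.svg', headers: { 'Content-Type': 'image/svg+xml' } },
];

console.log(missingNosniff(sample));
```

A misspelled value such as `no-sniff` is reported the same way as a missing header, and a response with no Content-Type at all is treated as out of scope here, which is a choice of this example.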
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported