Security vulnerabilities

描述

貢獻者指南

技術棧

javascript

領域

securitydocumentation

議題類型

documentation

難度面向新貢獻者的預計實作難度，1 表示很小改動，5 表示專家級工作。

3

預計時間有經驗貢獻者完成調查、實作、測試並準備 pull request 的粗略時間範圍。

1-3 hours

活動狀態議題目前的可參與程度：新鮮、活躍、陳舊、阻塞或等待維護者輸入。

stale

清晰度議題是否清楚說明預期改動、驗收標準和下一步。

clear

前置要求

無

新手友善度1-100 的估計分數，表示該議題對首次貢獻者的友善程度。

60

研究方向

The issue requests adding documentation about security concerns for different JWT storage methods (cookie vs localStorage) such as XSS and CSRF. The repository is a tutorial on JWT, likely with markdown files. A good starting point would be to assess the current documentation and identify where to insert a new section. Look at the existing structure in the repository's README or docs folder. Then research common security pitfalls for JWT client side storage and write a concise guide. Cite relevant resources. No existing pull requests or comments offer guidance, so the maintainer may need to respond to confirm scope.