Security vulnerabilities

描述

贡献者指南

技术栈

javascript

领域

securitydocumentation

议题类型

documentation

难度面向新贡献者的预计实现难度，1 表示很小改动，5 表示专家级工作。

3

预计时间有经验贡献者完成调查、实现、测试并准备 pull request 的粗略时间范围。

1-3 hours

活动状态议题当前的可参与程度：新鲜、活跃、陈旧、阻塞或等待维护者输入。

stale

清晰度议题是否清楚说明期望改动、验收标准和下一步。

clear

前置要求

无

新手友好度1-100 的估计分数，表示该议题对首次贡献者的友好程度。

60

研究方向

The issue requests adding documentation about security concerns for different JWT storage methods (cookie vs localStorage) such as XSS and CSRF. The repository is a tutorial on JWT, likely with markdown files. A good starting point would be to assess the current documentation and identify where to insert a new section. Look at the existing structure in the repository's README or docs folder. Then research common security pitfalls for JWT client side storage and write a concise guide. Cite relevant resources. No existing pull requests or comments offer guidance, so the maintainer may need to respond to confirm scope.