From 30c151d1a541515825a001fddc6574efc72c0655 Mon Sep 17 00:00:00 2001 From: Ajay Ojha Date: Tue, 16 Sep 2025 19:03:35 +0530 Subject: [PATCH] Update v3.2.2 requirement #3224 --- 5.0/en/0x12-V3-Web-Frontend-Security.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/5.0/en/0x12-V3-Web-Frontend-Security.md b/5.0/en/0x12-V3-Web-Frontend-Security.md index 3d94e02905..b189cc61f5 100644 --- a/5.0/en/0x12-V3-Web-Frontend-Security.md +++ b/5.0/en/0x12-V3-Web-Frontend-Security.md @@ -19,7 +19,7 @@ Rendering content or functionality in an incorrect context can result in malicio | # | Description | Level | | :---: | :--- | :---: | | **3.2.1** | Verify that security controls are in place to prevent browsers from rendering content or functionality in HTTP responses in an incorrect context (e.g., when an API, a user-uploaded file or other resource is requested directly). Possible controls could include: not serving the content unless HTTP request header fields (such as Sec-Fetch-\*) indicate it is the correct context, using the sandbox directive of the Content-Security-Policy header field or using the attachment disposition type in the Content-Disposition header field. | 1 | -| **3.2.2** | Verify that content intended to be displayed as text, rather than rendered as HTML, is handled using safe rendering functions (such as createTextNode or textContent) to prevent unintended execution of content such as HTML or JavaScript. | 1 | +| **3.2.2** | Verify that content intended to be displayed as text, rather than rendered as HTML, is handled using safe rendering functions (such as createTextNode or textContent) or other safe mechanisms provided by the relevant framework, to prevent unintended execution of content such as HTML or JavaScript. | 1 | | **3.2.3** | Verify that the application avoids DOM clobbering when using client-side JavaScript by employing explicit variable declarations, performing strict type checking, avoiding storing global variables on the document object, and implementing namespace isolation. | 3 | ## V3.3 Cookie Setup