Implementierung von HtmlSanitizer und UrlEncoder zur Absicherung von Benutzereingaben gegen XSS und URL-Manipulationsanfälligkeiten.

EnvelopeGenerator.Web/appsettings.json

@@ -9,6 +9,9 @@
     }
   },
   "PSPDFKitLicenseKey": null,
+  /*  recommended Content-Security-Policy for production:
+      "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self';"  */
+  "Content-Security-Policy": null,
   "AdminPassword": "dd",
   "AllowedOrigins": [ "https://localhost:7202" ],
   "NLog": {
@@ -57,10 +60,10 @@
 
     ]
   },
-  "AddTestControllers": false,
+  "AddTestControllers": true,
   "Jwt": {
-    "Issuer": "https://localhost:7202",
-    "Audience": "https://localhost:7202",
+    "Issuer": null,
+    "Audience": null,
     "Key": "8RGnd7x0G2TYLOIW4m_qlIls7MfbAIGNrpQJzMAUIvULHOLiG723znRa_MG-Z4yw3SErusOU4hTui2rVBMcCaQ"
   },
   "AuthCookieConfig": {