I recently built a simple static website on GitLab Pages that converts ASCII art. Since I'm planning to share this site with others, I want to ensure it's secure, but I'm not very knowledgeable about web security. My site mainly consists of buttons, labels, and text areas in HTML, while my JavaScript just retrieves the text, modifies the string, and copies it to the clipboard with a maximum character limit. Do I need to implement any additional security measures, like protection against cross-site scripting? I've read about using HTML meta tags like 'nosniff'—is that necessary for a site as simple as mine?
5 Answers
Honestly, I think you’re overthinking things for this site. Your attack surface is nearly non-existent right now, and there’s really not much to gain from being malicious.
For a static site (especially one you don’t host yourself), the risk is minimal. Just avoid having any files in the same root folder that you want to keep private, and don’t hardcode any credentials into those files.
Okay, thank you very much! I only have my name there, but that’s just for contact purposes.
Make sure the permissions for your hosting setup are correct, especially if you’re using a VPS. If anything, that's the only thing to really worry about.
Consider getting an SSL certificate. Since you’re not storing any sensitive data, there’s not much incentive for anyone to try to hack your site.
As long as users can’t create content for other users and there’s no server-side input processing involved, you’re pretty secure. Just focus on keeping your server secure.
I see, thank you! I thought so, but since I'll be sharing this site with a lot of people, I wanted to make sure it's as safe as possible.