Does this skill work with specific frameworks like React or Vue?

Yes, while the guide is framework-agnostic, the security principles apply to all modern libraries. It also includes specific references for Nuxt, Vue, and Angular.

Where is the most secure place to store authentication tokens?

This skill recommends storing short-lived access tokens in memory and long-lived refresh tokens in httpOnly, Secure, SameSite cookies to mitigate both XSS and CSRF risks.

Can I use this skill to configure security headers?

Absolutely. It provides standardized configurations for X-Frame-Options, HSTS, Referrer-Policy, and Permissions-Policy to harden your application at the browser level.

Does it cover third-party dependency security?

Yes, it includes best practices for the audit process using npm audit, locking versions, and using Subresource Integrity (SRI) for external CDN resources.

How does this skill help with XSS prevention?

It provides implementation patterns for safe DOM manipulation, data sanitization using tools like DOMPurify, and instructions for setting up restrictive Content Security Policies.

General Frontend Security

Name: General Frontend Security
Author: lenneTech

bylenneTech

Security & Testing

Implements OWASP-aligned security best practices to protect web applications against vulnerabilities like XSS, CSRF, and sensitive data exposure.

About

This skill provides a framework-agnostic foundation for building secure web applications based on industry-standard OWASP guidelines. It guides developers through critical security implementations, including Cross-Site Scripting (XSS) prevention, secure token storage strategies, and the configuration of robust browser security features like Content Security Policy (CSP) and Subresource Integrity (SRI). Whether you are auditing an existing codebase for vulnerabilities or architecting a new client-side authentication flow, this skill ensures your frontend remains resilient against modern web attacks while maintaining high standards for user data privacy.

Key Features

Dependency audit workflows and Subresource Integrity (SRI) implementation
XSS prevention patterns using DOM sanitization and safe rendering APIs
Comprehensive Content Security Policy (CSP) and security header configurations
Secure API interaction wrappers with built-in CSRF and rate-limiting awareness
0 GitHub stars
Secure token management strategies combining memory storage and httpOnly cookies

Use Cases

Implementing secure authentication and session management in modern SPAs
Reviewing frontend code for security vulnerabilities and potential data leaks
Configuring production-ready security headers and browser-level protections

About

Key Features

Dependency audit workflows and Subresource Integrity (SRI) implementation
XSS prevention patterns using DOM sanitization and safe rendering APIs
Comprehensive Content Security Policy (CSP) and security header configurations
Secure API interaction wrappers with built-in CSRF and rate-limiting awareness
0 GitHub stars
Secure token management strategies combining memory storage and httpOnly cookies

Use Cases

Implementing secure authentication and session management in modern SPAs
Reviewing frontend code for security vulnerabilities and potential data leaks
Configuring production-ready security headers and browser-level protections