best-practices

FAQ

• Yes, my issue is not about variability or throttling.
• Yes, my issue is not about a specific accessibility audit (file with axe-core instead).

URL

https://www.google.com

Wha

Merge /Testing_for_Vertical_Bypassing_Authorization_Schema_WSTG-AUTHZ-00X.md into 4-Web_Application_Security_Testing/05-Authorization_Testing/03-Testing_for_Privilege_Escalation.md

This hint has been around since 2018 and is documented on webhint.io (https://webhint.io/docs/user-guide/hints/hint-doctype/). However it's not enabled by default in any of webhint's configurations (likely an oversight).

We should turn this on by default and perform any necessary cleanup in the process (e.g. switching to get locations from webhint's location-aware DOM that was added after the

Web Packaging "comes in several layers":

• Bundled HTTP Exchanges (Web Bundles):
  https://datatracker.ietf.org/doc/html/draft-ietf-wpack-bundled-responses

  .wbn file extension = application/webbundle

• Signed HTTP Exchanges:
  https://tools.ietf.org/html/draft-yasskin-http-origin-signed-responses

  .sxg file extension = `application/signe

Example:

https://github.com/whitesmith/rubycritic/blob/d673a2c75e4fb1d7f6776b77c63401a4aedf0112/lib/rubycritic/cli/options/file.rb#L41

The new default should be main.