Make Defense summary checklist always an H2 #41547
Conversation
wbamberg
requested review from
chrisdavidmills
and removed request for
a team
github-actions
bot
added
Content:Security
Preview URLs (6 pages)(comment last updated: 2025-10-16 17:07:25) |
There was a problem hiding this comment.
@wbamberg the heading level change makes sense to me — good to be consistent, and nice to see these sections in the TOC.
I'm going to approve this, as the next comments are out of scope for this PR, and you might action them in a follow-up PR if you want to, but:
- The style of these sections is inconsistent. The bulleted lists seem good, but some of them have a lead-up of one or more paragraphs (more of a traditional summary), and some do not.
- I'm also not sure what "primary defense" and "defense in depth" mean. Is this like "mandatory, definitely do this" and "optional if you want to go further"?
- You can probably remove the "We can summarize the defenses above as follows:" lines, as the section heading says "summary".
I think these are legit comments and have applied most of them.
The only one AFAICS that is still different is XS-leaks, and that's tricky because unlike the others it's not a single attack with a single set of defenses, but multiple attacks with multiple overlapping defenses, including some attacks with no real defenses. So I don't really see a good alternative to explaining that.
Fair enough. Really I think the message is "do both".
Done, and agreed it is unnecessary. |
|
All makes sense, cheers @wbamberg! Nice work. |
2 participants
The "attacks" pages are not consistent about which level to put the "Defense summary checklist" at. I think probably H2 is better so it's accessible from the ToC.
I also added one for clickjacking, as we didn't have one.