17 行
901 B
Markdown
17 行
901 B
Markdown
# Next.js
|
|
|
|
> `LAB ONLY` | `AUTHORIZED TARGETS ONLY`
|
|
|
|
- 分类: `frameworks`
|
|
- 覆盖层级: `history-full`
|
|
- Advisory 模式: core
|
|
- 输出目录: `07-framework-security/frameworks/nextjs`
|
|
- 修复主题: authz-server-side-recheck, proxy-trust-boundary, token-cookie-storage
|
|
- 适用目标类型: `lab-local, lab-public, authorized-third-party`
|
|
- 是否允许公网验证: `yes, but only for owned or authorized targets`
|
|
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
|
|
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
|
|
|
|
- 自动索引: [INDEX.md](/Users/x/websafe/07-framework-security/frameworks/nextjs/INDEX.md)
|
|
- Registry 统计: [nextjs.json](/Users/x/websafe/08-threat-intel/registry/systems/nextjs.json)
|