Add security examples and new CRC glossary entry #42481
Conversation
files/en-us/glossary/hmac/index.md
Outdated
| keyData, | ||
| { name: "HMAC", hash: "SHA-256" }, | ||
| false, | ||
| ["sign"] |
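Review bot: `["sign"]` on the last line is missing the trailing comma the repository's formatter expects, which is what the reviewdog suggestion that follows corrects. Separately, importing the key with `extractable` set to `false` and usages limited to `["sign"]` is the right choice for a sign-only snippet, but if the same example is later used to check a tag the usages must become `["sign", "verify"]`, since a key imported for `sign` only cannot be passed to `crypto.subtle.verify()`.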
[mdn-linter] reported by reviewdog 🐶
| ["sign"] | |
| ["sign"], |
Pull request overview
This pull request adds practical code examples to six existing security-related glossary entries and introduces a new CRC (Cyclic Redundancy Check) glossary entry with a JavaScript implementation example.
- Adds concrete security examples to help developers understand and implement security best practices
- Introduces a new CRC glossary entry explaining error-detecting codes with a CRC-32 implementation
- Enhances documentation with HTTP headers, HTML forms, and JavaScript code snippets
Reviewed changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| files/en-us/glossary/replay_attack/index.md | Adds HTTP header example showing prevention strategy using timestamp and nonce |
| files/en-us/glossary/hsts/index.md | Adds Strict-Transport-Security header example demonstrating HTTPS enforcement |
| files/en-us/glossary/hmac/index.md | Adds JavaScript example using Web Crypto API to create HMAC-SHA256 signatures |
| files/en-us/glossary/csrf/index.md | Adds HTML form example showing CSRF token implementation |
| files/en-us/glossary/csp/index.md | Adds Content-Security-Policy header example demonstrating script and style restrictions |
| files/en-us/glossary/cross-site_scripting/index.md | Adds vulnerable and secure JavaScript code examples showing XSS prevention |
| files/en-us/glossary/crc/index.md | New entry defining CRC with use cases and CRC-32 JavaScript implementation example |
Preview URLs (6 pages), External URLs (2). (comment last updated: 2025-12-26 18:12:55)
Thanks for your PR! I don't think these examples are particularly helpful, and don't think we should be adding them to glossary pages. Glossary pages should be short: they should explain what the thing stands for (if the thing is an acronym), briefly describe what it means, and link to more information. Glossary pages do not document the feature: that's what the extra links do. In these cases the examples are so short that they don't really tell anyone anything, and in some cases they seem to be incorrect (for example, I can't think why you would have a CSP with the same I think checksum might be worth adding, but why document CRC and not checksum?
- Remove code examples from CRC, CSP, CSRF, HSTS, HMAC glossary pages
- Add new Checksum glossary page
- Add cross-references between related security terms (CRC, Checksum, Hash function)
- Add CRC/Checksum references to Database and HMAC glossary pages

Glossary pages should be concise definitions with links to detailed docs.
59c4927 to 9470c5c
Thanks for the feedback! I've removed the examples from the glossary pages to keep them concise. I also updated the CRC page to be a simple definition and added a new Checksum glossary page as suggested. Cross-references have been added to relevant security and database pages. I've updated the PR with these changes.
Pull request overview
Copilot reviewed 6 out of 6 changed files in this pull request and generated 3 comments.
| ## See also | ||
|
|
||
| - [Checksum](https://en.wikipedia.org/wiki/Checksum) on Wikipedia | ||
| - Related glossary terms: |
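Review bot: the `Related glossary terms:` line closes this hunk with no list items under it, so the new Checksum entry advertises related terms it does not name. Add the entries (the PR description lists CRC and Hash function as the terms being cross-referenced) or drop the line.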
Copilot (AI), Dec 26, 2025
The Checksum glossary entry should include a reference to the CRC glossary term in its related terms section for bidirectional navigation, since CRC is specifically mentioned in line 10 and has its own glossary entry.
| - Related glossary terms: | |
| - Related glossary terms: | |
| - {{Glossary("CRC")}} |
| - {{Glossary("Checksum")}} | ||
| - {{Glossary("CRC")}} |
Copilot (AI), Dec 26, 2025
The addition of Checksum and CRC to the Database glossary's related terms seems tangential. While databases may use checksums internally for data integrity, these terms are not directly related to the concept of a database from a web development perspective, especially compared to the other related terms (IndexedDB, SQL) which are core database concepts. Consider removing these references or explaining the relationship in the main content if data integrity is a key aspect being documented.
| - {{Glossary("Checksum")}} | |
| - {{Glossary("CRC")}} |
| - Related glossary terms: | ||
| - {{Glossary("Hash function")}} | ||
| - {{Glossary("Checksum")}} | ||
| - {{Glossary("CRC")}} |
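Review bot: `{{Glossary("Checksum")}}` and `{{Glossary("CRC")}}` should not sit unexplained in the related terms of a keyed MAC. Both are unkeyed, so anyone who can alter a message can recompute them; that is precisely the tampering an HMAC is meant to detect. Keep `{{Glossary("Hash function")}}` here, and keep Checksum and CRC only if the HMAC entry body states that they detect accidental corruption, not deliberate modification.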
Copilot (AI), Dec 26, 2025
Adding CRC as a related term to HMAC is misleading. HMAC is a cryptographic authentication mechanism that provides both integrity and authentication guarantees, while CRC is a non-cryptographic error-detection code that only provides basic integrity checking against accidental corruption. They serve different purposes and security levels. Consider removing the CRC reference from this list.
| - {{Glossary("CRC")}} |