Add .opencode/rules/security.md

This commit is contained in:
2026-04-25 10:45:32 +02:00
parent 50af75703d
commit 89a39db7e2

View File

@@ -0,0 +1,22 @@
# Security Rules
## Generell
- Nie Secrets in Git
- Input immer validieren
- Output immer escapen
## XSS
- HTML specialchars() für User-Input in HTML
- Content-Security-Policy Header setzen
## CSRF
- CSRF Token bei Forms
- SameSite=Cookie
## SQL Injection
- Prepared Statements immer nutzen
- Nie User-Input direkt in SQL