Security and Accessibility Vulnerabilities in Web Development Resources Website #672

@VedantAnand17

Issue Description:

The web development resources website has several critical issues that needed immediate attention:

1. Security Vulnerabilities:

  • HTTP Links: The website contains 4 HTTP links in the resources list that posed security risks:

    • http://brackets.io/ (redirects to HTTPS)
    • http://shakrmedia.github.io/tuesday/
    • http://velocityjs.org/
    • http://snapsvg.io/

    These HTTP links could potentially expose users to man-in-the-middle attacks and data interception.

2. Deprecated CDN Dependencies:

  • RawGit CDN: The website is using the deprecated cdn.rawgit.com service which has been discontinued and redirects to cdn.jsdelivr.net. This could cause loading failures and broken assets.

3. Protocol-Relative URL Issues:

  • Mixed Content: The website uses protocol-relative URLs (//cdn.jsdelivr.net/...) which can cause mixed content warnings and security issues when accessed over HTTPS.

4. Accessibility Problems:

  • Missing ARIA Labels: Links lack proper accessibility labels for screen readers
  • No Keyboard Navigation Support: Missing focus styles and skip links for keyboard users
  • Poor Semantic Structure: Inadequate HTML semantic structure for assistive technologies

5. User Experience Issues:

  • Broken Assets: Deprecated CDN links could cause loading failures
  • Security Warnings: HTTP links could trigger browser security warnings
  • Poor Navigation: Lack of proper accessibility features made the site difficult to use for users with disabilities

These issues compromise the website's security, accessibility, and overall user experience, requiring immediate fixes to ensure the site remains functional and accessible to all users.
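
An added example, not part of the original issue or the project's code: one way to locate the three URL patterns the issue lists (plain `http://` links, `cdn.rawgit.com` references, protocol-relative URLs) in a page's HTML. The sample markup, the rawgit and jsDelivr paths in it, and the names `classify` and `audit` are constructed for illustration; each suggested `https://` replacement is a candidate to verify, since a host may not serve HTTPS.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def classify(url):
    """Return (finding, suggested_url) for a flagged URL, else None."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() == "cdn.rawgit.com":
        # rawgit path /user/repo/ref/file maps to jsDelivr /gh/user/repo@ref/file
        seg = parts.path.lstrip("/").split("/", 3)
        if len(seg) == 4:
            return "deprecated-cdn", "https://cdn.jsdelivr.net/gh/{}/{}@{}/{}".format(*seg)
        return "deprecated-cdn", None
    if url.startswith("//"):
        # inherits the embedding page's scheme; pin it to https explicitly
        return "protocol-relative", "https:" + url
    if parts.scheme == "http":
        return "plain-http", "https://" + url[len("http://"):]
    return None

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, finding, original_url, suggested_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                hit = classify(value.strip())
                if hit:
                    self.findings.append((self.getpos()[0], tag, hit[0], value, hit[1]))

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample markup; only the two http:// links come from the issue text.
SAMPLE = """<link rel="stylesheet" href="https://cdn.rawgit.com/example-user/example-repo/v1.0.0/style.css">
<script src="//cdn.jsdelivr.net/npm/example-lib@1/dist/lib.min.js"></script>
<a href="http://velocityjs.org/">Velocity.js</a>
<a href="http://snapsvg.io/">Snap.svg</a>
<a href="https://example.org/">already HTTPS</a>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run in CI against the built HTML, a non-empty result from `audit` can fail the build before such links are reintroduced.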
