Skip to content

kksKishore Kumar Sharma

Work Writing About Uses Contact

Get in touch→

/tag

#security

← all writing

/footer · still here

If you're building something hard, let's talk.

Start a conversation→

Direct

via the contact form →
Noida, UP

Elsewhere

LinkedIn ↗
About
RSS feed ↗

Views are my own and do not represent any current or past employer. All work shown was completed under appropriate confidentiality and IP terms.

© 2026 Kishore · Built with restraint.·Privacy Termsv2 · System online

2 pieces

May 8, 20268 min read
Email Header Injection in 2026, Still Trivial — and I Found It in My Own Contact Form
Your contact form takes a name, an email, and a message. Three fields. Two of them can take over your mail server if you let them. A short tour of an attack that's older than I am, and how I found it in code I'd just shipped.
- #security
- #nodejs
- #email
- #war-stories
May 8, 20268 min read
Nonce-Based CSP That Doesn't Break Tailwind: The Five Pieces Nobody Documents Together
Content Security Policy is the spam filter for your HTML — it tells the browser which scripts are allowed to run. The default examples don't work with Tailwind, Next.js, or third-party scripts. Here's the configuration that does.
- #security
- #nextjs
- #csp
- #performance
- #production