
Worked on the homarr-labs/homarr repository to deliver security-focused enhancements, primarily by strengthening the Content Security Policy and refining href protocol validation. The approach involved tightening CSP rules to restrict script sources and frame embedding, while updating validation logic to disallow the use of the javascript: protocol in links but permit custom protocols as needed. These changes, implemented using JavaScript and TypeScript within a Next.js framework, aimed to reduce the risk of cross-site scripting vulnerabilities. The work improved the security posture for embedded content and links, supporting safer user experiences and aligning with established security best practices for web applications.
May 2025: Delivered security-focused enhancements to homarr, including Content Security Policy hardening and improved href protocol validation, with support for custom protocols in app hrefs. These changes reduce exposure to XSS and improve safe embedding of third-party content, strengthening our security baseline without impacting user experience.
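The href protocol check described above, as an added example (not homarr's own code): a validator that rejects javascript: in every spelling a browser would still parse as that scheme, while letting custom protocols through. The function names, the sample hrefs and the rule that an href must carry a scheme are assumptions of this example.

```javascript
// Added example, not code from the homarr repository. All names are hypothetical.
// Schemes that must never reach an <a href>; the page names only javascript:.
const BLOCKED_SCHEMES = new Set(["javascript"]);

// Browsers (WHATWG URL parsing) strip leading/trailing C0 control characters
// and spaces, and drop tab/CR/LF anywhere in the string, before reading the
// scheme. A check that skips this step disagrees with what the browser does.
function normalizeForSchemeCheck(href) {
  return href
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased scheme, or null when the href has none.
function extractScheme(href) {
  const match = /^([a-zA-Z][a-zA-Z0-9+.\-]*):/.exec(normalizeForSchemeCheck(href));
  return match ? match[1].toLowerCase() : null;
}

// Deny-list policy: any scheme is accepted except the blocked ones, so custom
// protocols (ssh://, steam://, ...) keep working.
// Assumption: hrefs must be absolute, so a value without a scheme is rejected.
function isAllowedHref(href) {
  if (typeof href !== "string" || href.length === 0) return false;
  const scheme = extractScheme(href);
  return scheme !== null && !BLOCKED_SCHEMES.has(scheme);
}

// Constructed sample inputs, paired with the expected decision.
const SAMPLES = [
  ["https://example.com/dashboard", true],
  ["ssh://nas.local", true],
  ["obsidian://open?vault=home", true],
  ["javascript:void(0)", false],
  ["JaVaScRiPt:void(0)", false],
  [" \tjavascript:void(0)", false],
  ["java\nscript:void(0)", false],
  ["/relative/path", false],
];

// Returns the samples whose decision differs from the expected one.
function mismatchedSamples() {
  return SAMPLES.filter(([href, expected]) => isAllowedHref(href) !== expected);
}
```

The same function should run both where the href is saved and where it is rendered, so a value stored before the check existed is still caught.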
