Worked on the oxygenxml/userguide repository to enhance documentation around Content Security Policy and Trusted Code integration for plugin development. Focused on clarifying how plugins can implement CSP through extension points or headers, and expanded guidance on trusted code, including its applicability to iframe targets and the inclusion of CSS, Schematron, and embedded content. Used DITA, Java, and XML to update documentation, improve consistency, and reduce misconfiguration risks. The work aimed to support safer plugin implementations and streamline developer onboarding by providing clear, actionable security recommendations and improving traceability across related topics, with attention to detail in grammar and technical accuracy.