[Enhancement] Add WebView Content Security Policy header injection for all course content

[RUKAYAT-CODER]

Overview

Course content rendered in WebView (rich text descriptions, embedded assignments, interactive HTML lessons) requires a comprehensive Content Security Policy to prevent XSS, clickjacking, and data exfiltration. Beyond the basic CSP issue (tracked separately), this enhancement establishes a reusable SecureWebView wrapper with configurable CSP levels for different content trust tiers.

Specifications

Features:

• SecureWebView wraps WebView with configurable CSP injection
• Three trust tiers: restricted (no scripts), interactive (inline scripts from allowlist), trusted (course platform content)
• CSP injected via injectedJavaScriptBeforeContentLoaded as meta tag
• Referrer policy set to no-referrer
• X-Frame-Options equivalent via WebView originWhitelist

Tasks:

• Define CSP strings for each trust tier in src/config/security.ts
• SecureWebView accepts trustLevel prop ('restricted' | 'interactive' | 'trusted')
• Inject meta CSP tag before any content loads
• Set originWhitelist to platform domains only for interactive and trusted tiers
• Add unit tests for each tier's CSP injection

Impacted Files:

• src/components/common/SecureWebView.tsx (create or expand)
• src/config/security.ts

Acceptance Criteria

• restricted tier blocks all inline scripts
• interactive tier allows scripts from defined allowlist domains only
• CSP meta tag appears before any HTML content
• Unit tests confirm correct CSP string for each trust tier

[chidii]

@chidii has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

Good day I am a full stack developer with over 6 years of experience and I have good practical knowledge on this I'll meet all your requirements criteria kindly assign this to me

ℹ️ Repo Maintainers: To accept this application, review their application or assign @chidii to this issue.

[drips-wave]

Congratulations, @chidii! 🎉 Your application was accepted by the repo's maintainers, and the issue is due on June 30, 2026.

🧑‍💻 @chidii: Please resolve the issue such that the repo's maintainers have enough time to review your contribution before the due date. You'll earn Points for completing the issue on-time, which will make you eligible for a share of the Stellar Wave Program's reward pool.

Warning

When opening a PR, please link it to this issue to ensure it gets tracked accurately. Points are awarded when this issue is marked as completed by the maintainer.

🤠 Repo maintainers: Please keep an eye on the contributor's progress and review their work before the due date. You can manage this issue, including adjusting its complexity and points, here.

🌊 Happy Wave 🌊