1 file changed +23 -0 lines changed
1+ # Security Policy
2+
3+ ## Supported Versions
4+
5+ We only support the latest version of PyHTML, but are open to backporting
6+ security fixes to earlier versions on-request.
7+
8+ ## Reporting a Vulnerability
9+
10+ We take the security of PyHTML very seriously. If you have discovered a
11+ vulnerability in PyHTML, please disclose it responsibly.
12+
13+ Some vulnerabilities we consider to be high-severity are:
14+
15+ * Bugs where HTML, JS or CSS code can be embedded within PyHTML output
16+ without making use of the ` p.style ` , p.DangerousRawHtml` or ` p.script`
17+ tags.
18+ * Bugs where the act of rendering PyHTML can trigger remote code execution
19+ given seemingly-correct input (eg a ` str ` or descendant of ` p.Tag ` ).
20+
21+ You should disclose these vulnerabilities by creating a private issue on
22+ the project's GitHub repo. We will aim to fix these issues as quickly as
23+ possible.
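Review bot: The reporting instruction at lines 21-23 ("creating a private issue on the project's GitHub repo") does not name a mechanism a reporter can find. Issues on a public GitHub repository are public, so someone following this literally may disclose the bug in the open. Suggest pointing to GitHub's private vulnerability reporting (the "Report a vulnerability" button under the repository's Security tab, which maintainers have to enable) and giving a fallback contact in case it is unavailable. Two smaller points: on line 16, p.DangerousRawHtml has a closing backtick but no opening one, so the inline code spans in that bullet will not render as intended; and "on-request" on line 6 should read "on request".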