Skip to content

Create SECURITY.md #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Apr 3, 2025
Merged

Create SECURITY.md #113

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 23 additions & 0 deletions SECURITY.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
# Security Policy

## Supported Versions

We only support the latest version of PyHTML, but are open to backporting
security fixes to earlier versions on-request.

## Reporting a Vulnerability

We take the security of PyHTML very seriously. If you have discovered a
vulnerability in PyHTML, please disclose it responsibly.

Some vulnerabilities we consider to be high-severity are:

* Bugs where HTML, JS or CSS code can be embedded within PyHTML output
without making use of the `p.style`, p.DangerousRawHtml` or `p.script`
tags.
* Bugs where the act of rendering PyHTML can trigger remote code execution
given seemingly-correct input (eg a `str` or descendant of `p.Tag`).

You should disclose these vulnerabilities by creating a private issue on
the project's GitHub repo. We will aim to fix these issues as quickly as
possible.