Commit 8cb3441

RafaelGSS authored and aduh95 committed
doc: explicit mention arbitrary code execution as a vuln
This request came from Github Open Source Secure and it's always welcome to clarify the policy

PR-URL: #57426
Reviewed-By: Marco Ippolito <marcoippolito54@gmail.com>
Reviewed-By: Chengzhong Wu <legendecas@gmail.com>
Reviewed-By: Matteo Collina <matteo.collina@gmail.com>
1 parent 4ab3c16 commit 8cb3441

1 file changed: 3 additions, 0 deletions

SECURITY.md
@@ -106,6 +106,9 @@ a security vulnerability. Examples of unwanted actions are polluting globals,
106106
causing an unrecoverable crash, or any other unexpected side effects that can
107107
lead to a loss of confidentiality, integrity, or availability.
108108

109+
For example, if trusted input (like secure application code) is correct,
110+
then untrusted input must not lead to arbitrary JavaScript code execution.
111+
109112
**Node.js trusts everything else**. Examples include:
110113

111114
* The developers and infrastructure that runs it.
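
Review bot: In added line 110, "arbitrary JavaScript code execution" is narrower than the commit title's "arbitrary code execution"; if other forms of code execution reached through untrusted input are meant to be in scope as well, drop "JavaScript" or state the limit explicitly. In added line 109, "trusted input (like secure application code) is correct" relies on "secure" and "correct" without defining either, so a reporter cannot tell when the precondition holds; wording such as "if the application code and other trusted inputs behave as intended" would make the condition testable. The paragraph above speaks of "unwanted actions" and loss of confidentiality, integrity, or availability, so it would also help to say that code execution is one instance of those rather than a separate rule.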
