SECURITY.md


Security Policy

This code is included in Mozilla’s client bug bounty program. If you find a security vulnerability, please submit it via the process outlined in the FAQ pages.

Please submit all security-related bugs through Bugzilla using the client security bug form. Never submit security-related bugs through a GitHub issue or by email.

Note: as stated in the README.md file in this repository, Readability itself does not intend to do security-related input sanitization, and you should use appropriate measures to sanitize input/output for your use case. "XSS" or similar issues in JSDOMParser.js or Readability.js on their own are unlikely to be treated as security issues - it is expected that some interactive/scripting input may remain after Readability processes input. If you can bypass appropriate sanitization measures like DOMPurify, you should report that using their procedures, not Mozilla’s.