The most common subject of invalid reports that the security team receives is editors and administrators being able to include JavaScript in post content.
Section A3 - Cross Site Scripting (XSS) mentions this, but only briefly. I think this ought to be moved into its own heading. After all, it's an important security point for people to be aware of.