apostrophecms / sanitize-html

Clean up user-submitted HTML, preserving whitelisted elements and whitelisted attributes on a per-element basis. Built on htmlparser2 for speed and tolerance
MIT License

Pentest #519

Closed chladnefazole closed 2 years ago

chladnefazole commented 2 years ago

Hello, have you ever had a penetration test done for this library?

We are interested in using this library for our project, because it comes with an MIT license. However, DOMPurify seems like a more secure solution because they have had penetration testing done, and many security issues have been found and fixed.

boutell commented 2 years ago

Hi Katelyn, many security issues have been found and fixed in this library too as you can see in the past PRs, but I can't point to a specific penetration test having been done. It would be a great thing for a sponsor to arrange.


--

THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.