search

bustle / mobiledoc-kit

A toolkit for building WYSIWYG editors with Mobiledoc
https://bustle.github.io/mobiledoc-kit/demo/
MIT License
1.55k stars 150 forks source link

Security concern #760

Closed JamieSlome closed 2 years ago

JamieSlome commented 2 years ago

Hey there!

I belong to an open source security research community, and a member (@ning1022) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

gpoitch commented 2 years ago

https://github.com/bustle/mobiledoc-kit/blob/master/SECURITY.md

JamieSlome commented 2 years ago

@gpoitch - thanks for your response 👍

Just for reference, both reports can be found here: https://huntr.dev/bounties/c8ae7110-3ea3-4ad3-acb1-953f753d4819/ https://huntr.dev/bounties/2-other-bustle/mobiledoc-kit/

Let me know if you have any questions :)