chore: add security.md file

azabroflovski · May 5, 2024 · 5647ed6 · 5647ed6
1 parent b8ad656
commit 5647ed6
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,11 @@
+# Reporting a Vulnerability
+
+To report a vulnerability, please [create issue](https://github.com/azabroflovski/tiny-dialogue/issues/new).
+
+While the discovery of new vulnerabilities is rare, we also recommend always using the latest versions 
+of `tiny-dialogue` and its official companion libraries to ensure your application remains as secure as possible.
+
+Please note that we do not consider XSS via template expressions a valid attack vector, because 
+it can only happen if the user intentionally uses untrusted content as template compilation source. 
+This is similar to knowingly pasting untrusted scripts into a browser console. We explicitly warn users 
+against using untrusted content as template compilation source in our documentation.