The security and privacy aspects of this project could be improved in several fronts:
-
Enable optional resource limits intended for the processing of untrusted documents.
-
Identify potentially insecure parts of a document, for example resource-intensive selectors or privacy-challenging attribute selectors. This could be achieved while processing the SVG or through external tools (like an improved version of AntiSamy).
-
Migrate to a different security model. The security model currently used by this project is problematic and I'd like to switch to a model closer to CSS4J's model. Done by commit e92d319.
-
Create a SECURITY.md file with security and privacy considerations. Done by e92d319.
The security and privacy aspects of this project could be improved in several fronts:
Enable optional resource limits intended for the processing of untrusted documents.
Identify potentially insecure parts of a document, for example resource-intensive selectors or privacy-challenging attribute selectors. This could be achieved while processing the SVG or through external tools (like an improved version of AntiSamy).
Migrate to a different security model. The security model currently used by this project is problematic and I'd like to switch to a model closer to CSS4J's model.Done by commit e92d319.Create aDone by e92d319.SECURITY.mdfile with security and privacy considerations.