Commit 5e73c044 authored by Scott Stern, committed by sstern

Update doc/development/fe_guide/security.md

parent c30d9cd2
...@@ -105,3 +105,9 @@ element.appendChild(sanitize(unsafeHtml)); ...@@ -105,3 +105,9 @@ element.appendChild(sanitize(unsafeHtml));
This `sanitize` function takes the same configuration as the This `sanitize` function takes the same configuration as the
original. original.
### Fixing Security Issues
When refactoring old code, it's important that we don't accidentally remove specs written to catch security issues.
We should mark specs with `#security` in either the `describe` or `it` blocks to communicate to the engineer reading the code that by removing these specs could have severe consequences down the road, and you are removing code that could catch a reintroduction of a security issue.
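Review bot: the second added sentence does not parse ("to communicate to the engineer reading the code that by removing these specs could have severe consequences down the road, and you are removing code that could catch a reintroduction"); the subject of "could have severe consequences" is missing and the clause switches from third person to "you". Suggest something like: "Mark these specs with `#security` in the `describe` or `it` description so that an engineer refactoring the code knows that removing them could have severe consequences: the spec guards against a security issue being reintroduced." It would also help the reader to show one concrete `it` or `describe` description carrying the `#security` marker, since the text describes the convention without an example, and to check that the `### Fixing Security Issues` heading still matches the content, which is about preserving existing specs rather than fixing issues.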