Pentest

[chladnefazole]

Hello, have you ever had a penetration test done for this library?

We are interested in using this library for our project, because it comes with MIT license. However, DOMPurify seems like a more secure solution because they have had penetration testing done, and many security issues have been found and fixed.

[boutell]

Hi Katelyn, many security issues have been found and fixed in this library too as you can see in the past PRs, but I can't point to a specific penetration test having been done. It would be a great thing for a sponsor to arrange.

…

On Mon, Nov 22, 2021 at 7:27 AM Katelyn Nienaber ***@***.***> wrote: Hello, have you ever had a penetration test done for this library? We are interested in using this library for our project, because it comes with MIT license. However, DOMPurify seems like a more secure solution because they have had penetration testing done, and many security issues have been found and fixed. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#519>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAAH27MKWU7XOFGHOUCDRB3UNIZJHANCNFSM5IQ3TY5A> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

-- THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.