Skip to content

Security: mozilla/readability

Security

SECURITY.md

Security Policy

This code is included in Mozilla’s client bug bounty program. If you find a security vulnerability, please submit it via the process outlined in the FAQ pages.

Please submit all security-related bugs through Bugzilla using the client security bug form. Never submit security-related bugs through a Github Issue or by email.

Note: as noted in the README.md file in this repository, readability itself does not intend to do security-related input sanitization, and you should use appropriate measures to sanitize input/output for your usecase. "XSS" or similar issues in JSDOMParser.js or Readability.js on their own are unlikely to be treated as security issues - it is expected that some interactive/scripting input may remain after readability processes input. If you can bypass appropriate sanitization measures like DOMPurify you should report that using their procedures, not Mozilla’s.

There aren’t any published security advisories