Improve section about JavaScript in post content
johnbillion opened this issue · 0 comments
johnbillion commented
The most common subject of invalid reports that the security team receives is editors and administrators being able to include JavaScript in post content.
Section A3 - Cross Site Scripting (XSS) mentions this, but only briefly. I think this ought to be moved into its own heading. After all, it's an important security point for people to be aware of.