update goals / non-goals
g-k opened this issue · 0 comments
g-k commented
refs #397
- define supported browsers or at least unsupported browsers (refs: #530 (comment))
- document version changes for that set
- consider setting support tiers / levels similar to what rust does e.g. Chrome, Firefox, and Safari release versions are tier 1, nightly version tier 2. Ideally this reflects to E2E testing in CI (similar to DOMPurify) refs #242
- update security goals
- likely exclude privacy and XS leaks
- add threats and goals/non-goals from DOMPurify and the native sanitizer likely with the extensions to reflect that bleach doesn't have access t o the DOM and should sanitize output for multiple browsers. This also puts it in a position to do more about stored and reflected XSS.