100pah commented on code in PR #148: URL: https://github.com/apache/echarts-handbook/pull/148#discussion_r2446808058
########## contents/en/best-practices/security.md: ########## @@ -0,0 +1,97 @@ +# Security + +## Overview + +ECharts aims to provide rich and flexible visualization capabilities. Although the vast majority of its APIs do not require special security considerations, sereval APIs are exceptions. For example, the option `tooltip.formatter` accepts a raw HTML string, allowing full control over the component's content and layout; the option `title.link` uses the provided URL string directly without automatic sanitization. While this flexibility is powerful, security risks may arise if the input comes from untrusted sources. These APIs are listed below, along with suggestions on how to use these features safely. + +Any security issues can be reported to [[email protected]](mailto:[email protected]) .

Review Comment: Oh, yes. I'll modify it. And add a link in https://echarts.apache.org/en/security.html to this new detailed "Security" doc.
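Review bot: In the Overview paragraph, "sereval APIs" should read "several APIs", and the contact line leaves a stray space between the mailto link and the closing period. The paragraph says `tooltip.formatter` accepts a raw HTML string and `title.link` uses the URL "directly without automatic sanitization", but it only says that "security risks may arise"; consider stating in the Overview itself that sanitizing or validating untrusted input before passing it to these options is the caller's responsibility, so the reader gets that point before reaching the per-API list.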
