Commit 5430a99b authored by Paul Slaughter

Merge branch 'sstern-master-patch-98531' into 'master'

Update doc/development/fe_guide/security.md

See merge request gitlab-org/gitlab!56055
parents ecb0c75d eed46dd7
...@@ -105,3 +105,9 @@ element.appendChild(sanitize(unsafeHtml)); ...@@ -105,3 +105,9 @@ element.appendChild(sanitize(unsafeHtml));
This `sanitize` function takes the same configuration as the This `sanitize` function takes the same configuration as the
original. original.
### Fixing Security Issues
When refactoring old code, it's important that we don't accidentally remove specs written to catch security issues which might still be relevant.
We should mark specs with `#security` in either the `describe` or `it` blocks to communicate to the engineer reading the code that by removing these specs could have severe consequences down the road, and you are removing code that could catch a reintroduction of a security issue.
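Review bot: The last added line does not parse ("to communicate to the engineer reading the code that by removing these specs could have severe consequences down the road, and you are removing code that could catch a reintroduction of a security issue"); suggest "to communicate to the engineer reading the code that removing these specs could have severe consequences down the road, because they exist to catch a reintroduction of a security issue." The new section would also be more actionable with a one-line illustration of where the `#security` marker goes in a `describe` or `it` block, since the text names the convention but shows no usage, and the heading "Fixing Security Issues" is broader than the content, which is about preserving security specs during refactoring; consider a heading that says that.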