Commit 5e73c044 authored by Scott Stern's avatar Scott Stern Committed by sstern

Update doc/development/fe_guide/security.md

parent c30d9cd2
......@@ -105,3 +105,9 @@ element.appendChild(sanitize(unsafeHtml));
This `sanitize` function takes the same configuration as the
original.
### Fixing Security Issues
When refactoring old code, it's important that we don't accidentally remove specs written to catch security issues.
We should mark specs with `#security` in either the `describe` or `it` blocks to communicate to the engineer reading the code that by removing these specs could have severe consequences down the road, and you are removing code that could catch a reintroduction of a security issue.
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment