Skip to content

Commit

Permalink
Added security banner to README
Browse files Browse the repository at this point in the history
  • Loading branch information
mde committed May 27, 2023
1 parent aed0124 commit 7690404
Showing 1 changed file with 14 additions and 2 deletions.
16 changes: 14 additions & 2 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,9 +1,21 @@
Embedded JavaScript templates<br/>
[![Build Status](https://img.shields.io/travis/mde/ejs/master.svg?style=flat)](https://travis-ci.org/mde/ejs)
[![Developing Dependencies](https://img.shields.io/david/dev/mde/ejs.svg?style=flat)](https://david-dm.org/mde/ejs?type=dev)
[![Known Vulnerabilities](https://snyk.io/test/npm/ejs/badge.svg?style=flat)](https://snyk.io/test/npm/ejs)
=============================

Security professionals, before reporting any security issues, please reference the
<a href="https://github.com/mde/ejs/blob/main/SECURITY.md">SECURITY.md</a>
in this project, in particular, the following: "EJS is effectively a JavaScript runtime.
Its entire job is to execute JavaScript. If you run the EJS render method without
checking the inputs yourself, you are responsible for the results."

In short, DO NOT submit 'vulnerabilities' that include this snippet of code:

```javascript
app.get('/', (req, res) => {
res.render('index', req.query);
});
```

## Installation

```bash
Expand Down

0 comments on commit 7690404

Please sign in to comment.