Security Policy

Reporting A Vulnerability

Do not open public issues for security vulnerabilities.

Report vulnerabilities privately to admin@jooservices.com with:

The maintainers will acknowledge reports, assess impact, and coordinate a fix and release.

This package escapes rendered form output.
This package does not sanitize business-specific rich HTML content.
This package does not validate actual uploaded file contents or handle storage.
Consuming applications remain responsible for server-side upload validation and persistence security.