Skip to content

Commit

Permalink
docs: improve readability
Browse files Browse the repository at this point in the history 
Co-authored-by: Chris de Almeida <[email protected]>
  • Loading branch information
@UlisesGascon @ctcpip
UlisesGascon and ctcpip authored Mar 11, 2024
1 parent 81a9fd2 commit 54d3397
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion Security.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ For a vulnerability to be considered, it must adhere to the context of the Expre

**Elements Express Does NOT Trust**:

1. Data received from the remote end of inbound or sent to remote outbound network connections, which are accepted through the use of Express API and transformed/validated by Express before being passed to the application.
1. Data received from the remote end of inbound network connections and data sent to the remote end of outbound network connections, which are accepted through the use of the Express API and transformed/validated by Express before being passed to the application.

In simpler terms, if the data passing through Express to/from the application can initiate actions beyond those documented for the API, it likely signifies a security vulnerability. Examples of unwanted actions include polluting globals, causing an unrecoverable crash, or any other unexpected side effects jeopardizing confidentiality, integrity, or availability.

Expand Down

0 comments on commit 54d3397

Please sign in to comment.