TL;DR This article covers one of the ways to avoid the by-design <script> HTML element vulnerability. Long story short, unlike any other HTML tag, <script> implies different rules of escaping its content. The proper escaping …
Category: Security & Compliance
Uploadcare Closed a Potential Security Breach Involving Text/HTML Files
TL;DR: We’ve completely disallowed inlining text/html files on our CDN and thus closed a potential security breach. Please check if your application relies on that capability. At Uploadcare, we always take security seriously, and that’s …
A Guide to Secure File Upload: How to Make Your Website Bullet-Proof
If you manage a website with user-generated content, you should know how to protect yourself from potential threats hiding in the upload process. Every day, 300 million images are uploaded to Facebook alone. Add to …
Getting GDPR Compliant Faster Through Privacy Shield
GDPR for SaaS in Plain Spoken English While my previous article was entirely dedicated to TODOs getting your company GDPR compliant, this one talks about a shortcut to that compliance through first implementing Privacy Shield. Especially …
GDPR for SaaS in Plain Spoken English
A little while back, Google sent out an email to all G Suite owners. Its subject said: “[ACTION REQUIRED] Rollout of Data Processing Amendment version 2.0 to reflect the GDPR.” That left me thinking — and now …