TL;DR: We’ve completely disallowed inlining text/html files on our CDN and thus closed a potential security breach. Please check if your application relies on that capability. At Uploadcare, we always take security seriously, and that’s …
Continue readingIf you manage a website with user-generated content, you should know how to protect yourself from potential threats hiding in the upload process. Every day, 300 million images are uploaded to Facebook alone. Add to …
Continue readingTL;DR This article covers one of the ways to avoid the by-design <script> HTML element vulnerability. Long story short, unlike any other HTML tag, <script> implies different rules of escaping its content. The proper escaping …
Continue readingGDPR for SaaS in Plain Spoken English While my previous article was entirely dedicated to TODOs getting your company GDPR compliant, this one talks about a shortcut to that compliance through first implementing Privacy Shield. Especially …
Continue readingA little while back, Google sent out an email to all G Suite owners. Its subject said: “[ACTION REQUIRED] Rollout of Data Processing Amendment version 2.0 to reflect the GDPR.” That left me thinking — and now …
Continue reading|
|
|
|
|
