From 621fc7bf0e7c7fb8b2da01cbc5fa3e41659ae755 Mon Sep 17 00:00:00 2001 From: Darrel Date: Fri, 5 Jan 2024 13:06:57 -0500 Subject: [PATCH] Update SECURITY_CONSIDERATIONS.md MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Asbjørn Ulsberg --- SECURITY_CONSIDERATIONS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/SECURITY_CONSIDERATIONS.md b/SECURITY_CONSIDERATIONS.md index dad8b95f7f..e0a2451012 100644 --- a/SECURITY_CONSIDERATIONS.md +++ b/SECURITY_CONSIDERATIONS.md 
@@ -2,5 +2,5 @@ OpenAPI documents use JSON, YAML and JSON Schema and therefore share their same security considerations. [JSON Schema Core](https://json-schema.org/draft/2020-12/json-schema-core#section-13) [JSON Schema Validation](https://json-schema.org/draft/2020-12/json-schema-validation#name-security-considerations) [YAML](https://www.ietf.org/archive/id/draft-ietf-httpapi-yaml-mediatypes-10.html) [JSON](https://www.rfc-editor.org/rfc/rfc8259) In additional, OpenAPI documents are processed by a wide variety of tooling for numerous different purposes, such as client code generation, documentation generation, server side routing, and API testing. OpenAPI document authors must consider the risks of the scenarios where the OpenAPI document may be used. -OpenAPIs document may contain references to external resources that may be dereferenced automatically by consuming tools. References in an OpenAPI document, or across OpenAPI documents may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. +OpenAPI documents may contain references to external resources that may be dereferenced automatically by consuming tools. References in an OpenAPI document, or across OpenAPI documents may cause a cycle. Tooling must detect and handle cycles to prevent resource exhaustion. Certain properties allow the use of Markdown which can contain HTML including script. It is the responsibility of tooling to appropriately sanitize the Markdown. \ No newline at end of file
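Review bot: The only change in this hunk is "OpenAPIs document" to "OpenAPI documents" in the first sentence of the references paragraph, which is correct, but the unchanged context line above it carries the same kind of slip ("In additional, OpenAPI documents are processed..."), which should read "In addition, OpenAPI documents are processed..."; since this commit is already a wording fix to this file, it would be worth folding that correction in. Two smaller points on the same hunk: the changed sentence "References in an OpenAPI document, or across OpenAPI documents may cause a cycle." needs a closing comma after "documents" to match the opening one, and the trailing "\ No newline at end of file" shows the file still ends without a newline, which many linters and diff tools flag; adding one here would keep future diffs of the Markdown sanitization sentence clean.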