Commit
StartAutomating authored and StartAutomating committed Nov 27, 2024
1 parent 3b4ccef, commit a748a6e
Showing 1 changed file with 19 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
# Security | ||
|
||
We take security seriously. If you believe you have discovered a vulnerability, please [file an issue](https://github.com/PowerShellWeb/WebSocket/issues). | ||
|
||
## Special Security Considerations | ||
|
||
WebSockets are not inherantly dangerous, but what comes out of them might well be. | ||
|
||
In order to avoid data poisoning attacks, please _never_ directly run any code from the internet that you do not trust. | ||
|
||
Please also assume all WebSockets are untrustworthy. | ||
|
||
There are a few easy ways to do this. | ||
|
||
WebSocket responses should never: | ||
|
||
1. Be piped into `Invoke-Expression` | ||
2. Be expanded with `.ExpandString` | ||
3. Be directly placed into a `SQL` query |
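Review bot: The reporting instruction at the top of the new file sends vulnerability reports to the public issue tracker, which exposes the details to everyone before a fix exists; consider pointing reporters to a private channel (a security contact address, or GitHub's private vulnerability reporting if it is enabled for the repository) and keeping public issues for non-sensitive questions. Under "Special Security Considerations", "inherantly" should be "inherently". The sentence "There are a few easy ways to do this." follows "assume all WebSockets are untrustworthy" but introduces a list of things never to do, so it reads oddly; wording such as "A few rules follow from this." would fit better. The list names three sinks to avoid (`Invoke-Expression`, `.ExpandString`, SQL queries) without saying what to do instead; one line per item on the safe alternative, such as parsing the message as data and using parameterized queries, would make the guidance actionable.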