Update README.md to include warning about RCE

duffelhq · Aug 17, 2020 · 83aec31 · 83aec31
1 parent 893a192
commit 83aec31
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -109,6 +109,10 @@ end
 
     IO.puts "total count: #{metadata.total_count}"
     ```
+## Security Considerations
+
+`Repo.paginate/4 will throw an ArgumentError should it detect an executable term in the cursor parameters passed to it (```before`````, `````after`````).
+This is done to protect you from potential side-effects of malicious user input, see [TODO: Add link to relevant paginator_test.exs].
 
 ## Indexes