I've been looking into the possibility of using this framework, but I have not found any explicit statement of its security features, if any. I've run searches both in Google and on their Github. Since Facebook created this and makes it available to end users, it must have something, but I haven't found any discussion of it. Is it possible that since they use ContentEditable that they are relying on that alone for their security?
Asked
Active
Viewed 265 times
0
-
WHat do you mean by security? It is open source(https://github.com/facebook/draft-js) so you can make sure it isn't calling home if that's a concern. – AJ X. Aug 20 '17 at 22:41
-
1Short answer: Yes – Xaqron Aug 20 '17 at 22:42
-
@axlj I was just looking for some discussion of security issues / features. For example, when using TinyMCE, there is a setting for rich text filters, to prevent a staff member from injecting code that would allow them superuser (administrator) privileges, so I was expecting to see some discussion like that for draft, too. – Malik A. Rumi Aug 20 '17 at 23:06