
Security: hjadmz/hjadmz.github.io


SECURITY.md

Security Policy

Supported Versions

We actively support the following versions:

| Version | Supported |
| --- | --- |
| 1.x | Yes |

Reporting a Vulnerability

We take security seriously. If you discover a security vulnerability, please:

  1. DO NOT open a public issue
  2. Email us at [INSERT EMAIL] with:
    • Description of the vulnerability
    • Steps to reproduce
    • Potential impact
    • Suggested fix (if any)

We will respond within 48 hours and provide a timeline for a fix.

Security Best Practices

When using this template:

  • Keep dependencies updated: Pin Fuse.js, Marked.js, Prism.js and any other CDN-loaded script to an exact version in its URL, and update those versions deliberately when a new release is published
  • Use HTTPS: Ensure every external CDN link uses https://; a script fetched over plain HTTP can be replaced in transit and then runs with full access to the page
  • Sanitize user input: Marked.js converts Markdown to HTML without sanitizing it, so if comments or other user-generated Markdown are ever rendered, pass the resulting HTML through an HTML sanitizer before inserting it into the DOM
  • Review configuration: Review and update config.json before deployment; like every file of a static site it is served to every visitor, so it must contain nothing secret
  • Use Content Security Policy: Add a policy that limits script-src to 'self' and the CDN origin. GitHub Pages cannot set custom response headers, so there the policy goes in a <meta http-equiv="Content-Security-Policy"> tag; on a server you control, send it as an HTTP header
  • Validate configuration: Run node validate-config.js before deploying
  • Check for XSS: Any string that ends up in innerHTML (post titles, excerpts, search results, config values) must go through the HTML escaping in utils.js or be assigned with textContent instead; escaping does not make a link target safe, so also restrict href values to http(s) URLs and relative paths

Known Security Considerations

Client-Side Only

This is a static blog template that runs entirely in the browser. The template contains no server-side code of its own, so the following classes of server-side bug do not apply to it:

  • ✅ No database vulnerabilities
  • ✅ No server-side injection risks
  • ✅ No authentication bypass issues

What remains is the browser-side attack surface: the template's own DOM handling, the third-party scripts it loads from the CDN, and the configuration of whatever hosts the files.

Potential Risks

  • XSS (Cross-Site Scripting): Mitigated by HTML escaping in utils.js. The escaping only protects strings that actually pass through it, so any new code that writes untrusted content with innerHTML must use it as well
  • CSRF (Cross-Site Request Forgery): Not applicable to the template (no server-side, state-changing actions)
  • Dependency vulnerabilities: A vulnerable, compromised or substituted CDN script runs with the full privileges of the page. Pin versions, add Subresource Integrity hashes, and keep dependencies updated

Disclosure Policy

  • We will acknowledge receipt of your report within 48 hours
  • We will provide a detailed response within 7 days
  • We will release a fix within 30 days (for critical issues)
  • We will credit you in the release notes (if desired)

Security Updates

Security updates will be released as patch versions (e.g., 1.0.0 → 1.0.1).

For critical security issues, we may release a security advisory.

Dependencies

This template uses the following external dependencies:

  • Fuse.js (v7.0.0): Client-side search library
  • Marked.js: Markdown parser (if used)
  • Prism.js: Syntax highlighting (if used)

All dependencies are loaded from cdn.jsdelivr.net. Pin each one to an exact version in its URL and add Subresource Integrity attributes (integrity and crossorigin="anonymous"), so that the browser refuses to execute a script whose bytes differ from the hash recorded in the page.

Reporting Non-Security Issues

For non-security bugs or feature requests, please use the GitHub Issues page.

There aren’t any published security advisories