Security

Security is one of the major factors we considered when developing this package. We have taken several actions to strengthen its security, which are described on this page.

XSS Protection

The package uses the Quill editor to provide rich features such as headers, code blocks, and lists. Although the editor itself filters unsafe input, we do not rely on it alone: we also filter inputs using the Graham-Campbell/Security package. We believe these two layers of security provide solid protection against XSS attacks.

Spam Protection

Spam can cause significant damage to your commenting system by adding redundant, mutated comments, and it can also harm your site through attacks like DoS. We use the spatie/laravel-honeypot package to prevent spam, but we cannot stop DoS attacks. For that, we recommend adding some robot checks.
