Found a possible security concern

[zidingz]

Hey there!

I belong to an open source security research community, and a member (@ready-research) has found an issue, but doesn’t know the best way to disclose it.

If not a hassle, might you kindly add a SECURITY.md file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.

Thank you for your consideration, and I look forward to hearing from you!

(cc @huntr-helper)

[MartinKolarik]

It's true it could be moved to a separate file, but there is a contact here: https://github.com/ractivejs/ractive/blob/dev/CONTRIBUTING.md#reporting-security-vulnerabilities

@evs-chris I'm not sure if you're on that list though. If not and you want to keep using it, let me know and I'll make you the owner.

[evs-chris]

Yeah, I'm not sure if I'm on that list or not, so please add me if I'm not. I think that list will be fine for now, and I'll look at creating a separate security doc in a bit.