Security
The module must follow all standard security best practices.
In particular, the following should be given special consideration:
-
Protect against XXE attacks
-
Always sanitize information from untrusted sources
-
When reading files from the local file system, make sure not to access secrets of the host environment nor enable path traversal
-
When possible, use CSRF tokens
-
When executing queries to a database, make correct use of PreparedStatement class to avoid SQL injection attacks.