We take the security of justhtml seriously. If you believe you have found a security vulnerability, please report it to us as described below.

Please report security vulnerabilities privately via GitHub's Private Vulnerability Reporting feature.

1. Go to the Security tab of the repository.
2. Click on "Report a vulnerability" to open a private advisory.

Please do not report security vulnerabilities through public GitHub issues.

We are committed to responding to security reports within 48 hours.

We ask that you allow us 90 days to fix the vulnerability before publicly disclosing it. This gives us time to investigate, fix, and release a patch.

We appreciate the efforts of security researchers and will acknowledge valid reports in our release notes (see CHANGELOG.md).