Diffstat (limited to 'docs')
-rw-r--r-- docs/api/v2/README.md 4
1 files changed, 1 insertions, 3 deletions
diff --git a/docs/api/v2/README.md b/docs/api/v2/README.md
index 162b2da10..33e326744 100644
--- a/docs/api/v2/README.md
+++ b/docs/api/v2/README.md
@@ -1,6 +1,6 @@
# Sync API v2 (Draft)
-The **News app** offers a RESTful API which can be used to sync folders, feeds and items.
+The **News app** offers a RESTful API which can be used to sync folders, feeds and items. The API also supports [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) which means that you can access the API from your browser using JavaScript.
## API Stability Contract
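Review bot: The added CORS sentence in the intro paragraph tells readers they can call the API from browser JavaScript but no longer sits next to the "Security Guidelines" section, which is where the XSS warning about unsanitized string fields lives. A browser client is exactly the consumer that renders those fields into a DOM, so consider ending the new sentence with a pointer such as "see Security Guidelines below before rendering response data", and saying which origins and credentials the CORS support covers if that is documented elsewhere. As a style point, the intro is now two unrelated statements on one line; a separate paragraph for the CORS note would keep future diffs smaller.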
@@ -95,8 +95,6 @@ The response body is a JSON structure that looks like this:
}
```
-The API also supports [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) which means that you can access the API from your browser using JavaScript.
-
## Security Guidelines
Read the following notes carefully to prevent being subject to security exploits:
* All string fields in a JSON response unless explicitly noted otherwise are provided in without sanitation. This means that if you do not escape it properly before rendering you will be vulnerable to [XSS](https://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29) attacks
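Review bot: With the CORS sentence removed from just above "## Security Guidelines", the section now opens with no mention of browser clients, yet its first bullet is about XSS from rendering unescaped response strings. A short lead sentence in this section saying the guidance applies in particular to JavaScript clients using the CORS support would keep the link the old placement gave for free. Since the patch touches the lines directly above, it is also a good moment to fix the unchanged bullet, which reads "are provided in without sanitation" and has no closing period; "are provided without sanitization." is presumably what is meant.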