If you believe you have found a security vulnerability in GoHTMLX, please report it responsibly.

Preferred: Open a GitHub Security Advisory for this repository. This allows a private discussion and coordinated disclosure.

Alternative: Contact the maintainers privately (e.g. via the maintainer contact listed on the repository). Please do not open a public issue for unfixed security vulnerabilities.

We will acknowledge your report and work with you to understand and address the issue. We appreciate your help in keeping GoHTMLX and its users safe.

• In scope: The GoHTMLX CLI, transpiler, generated code runtime (pkg/element), and any first-party libraries in this repository.
• Out of scope: Third-party dependencies (report to their maintainers), the example app’s framework (e.g. Fiber), or security of applications built with GoHTMLX (e.g. application-level bugs).

We will disclose resolved security issues in release notes and, when appropriate, in a GitHub Security Advisory.