| loio |
|---|
| 91f3df4a6f4d1014b6dd926db0e91070 |
view on: demo kit nightly build | demo kit latest release
For the third party libraries shipped with OpenUI5, security-related issues have to be observed.
OpenUI5 ships with third-party libraries. jQuery is mandatory as OpenUI5 is based on it, and datajs is needed in case OData services should be used.
jQuery does not have any security-related documentation on their site, but they are known to be aware of security and usually reacting quickly in case security issues are found within their library.
OpenUI5 includes jQuery together with their own libraries, so also has the possibility to add custom security fixes to jQuery, if necessary.
datajs does not have any security-related documentation on their site.
OpenUI5 includes the datajs library and can add custom security fixes, if necessary.
Applications based on OpenUI5 are allowed from a technical point of view to include arbitrary custom libraries within their application. OpenUI5 can, of course, not give any statement about the security of third-party libraries and can not ensure security of third-party libraries. The application has full responsibility for doing a security assessment of third-party libraries before using them and for embedding and using them in a secure manner.