At Checkbox, we are extremely concerned with data security. We do our best to ensure that our application is safeguarded against any malicious attacks. In order to provide this security, we are constantly running security scans on our application and updating any possible areas of vulnerability. This ensures that all of the code that we write and publish is protected against attackers.
The features that are described in this document give you access to add your own code into Checkbox. This means that you will be adding code into the application that has not gone through our security scans and may be vulnerable. It is up to you and your organization to ensure that any and all code that you add to Checkbox is safe and does not present any risk to your response data.
We strongly suggest that before adding any custom scripts into Checkbox that you familiarize yourself with Cross-site Scripting (XSS) best practices. You can find more detailed information regarding XSS here :https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)