
Security

Work in progress

This feature is still in active development as we continue to build out increased functionality. Information here will change over time as this product continues to evolve rapidly.

To allow flexibility in how customers can use their data, Krestor does not escape or sanitize any data that it stores. Because of that, customers should ensure that all data received from the Krestor API is properly sanitized so that dangerous HTML is not rendered on the page. Note that some data may be changed via either the API or the customer dashboard by users who have access to it.

Please keep in mind that the fields below should be carefully sanitized before rendering for clients:

  • Content rules (belongs to merchant rules: Search)

    • Asset URL
    • Alt Text
    • Mobile asset URL
    • Mobile asset ALT text
    • Header
    • Body
    • CTA Text
    • CTA URL
    • Tags (key value pairs)
  • Collections

    • data (JSON)
  • Redirects

    • metadata (JSON)
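
One way to treat the content rule fields listed above as untrusted when building markup. This is an added example, not Krestor's own code: the key names (`asset_url`, `alt_text`, `header`, `body`, `cta_text`, `cta_url`), the helper names and the `shop.example` base URL are assumptions, so map them to the keys your API responses actually use.

```javascript
// Added example. Key names and the base URL are assumed, not taken from
// the Krestor API reference.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape a value for use in HTML text or inside a quoted attribute.
function escapeHtml(value) {
  return String(value ?? '').replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Return a normalized URL only if it parses and uses http(s); otherwise null.
// Rejects javascript:, data: and other schemes that can run script.
function safeUrl(value, base = 'https://shop.example/') {
  if (typeof value !== 'string') return null;
  try {
    const url = new URL(value.trim(), base);
    return url.protocol === 'https:' || url.protocol === 'http:' ? url.href : null;
  } catch {
    return null; // unparseable input is dropped, not rendered
  }
}

// Build markup for one content rule, escaping text and validating URLs.
function renderContentRule(rule) {
  const parts = [];
  const img = safeUrl(rule.asset_url);
  if (img) parts.push(`<img src="${escapeHtml(img)}" alt="${escapeHtml(rule.alt_text)}">`);
  parts.push(`<h2>${escapeHtml(rule.header)}</h2>`);
  parts.push(`<p>${escapeHtml(rule.body)}</p>`);
  const cta = safeUrl(rule.cta_url);
  if (cta) parts.push(`<a href="${escapeHtml(cta)}">${escapeHtml(rule.cta_text)}</a>`);
  return parts.join('\n');
}

// Constructed sample: values a user with dashboard access could have stored.
const sampleRule = {
  asset_url: 'https://cdn.example/banner.png',
  alt_text: '" onerror="alert(1)',
  header: '<script>alert(1)</script>',
  body: 'Tom & Jerry',
  cta_text: 'Shop <b>now</b>',
  cta_url: 'javascript:alert(1)',
};

console.log(renderContentRule(sampleRule));
```

The same two checks apply to the mobile asset fields, tag keys and values, and any strings pulled out of the Collections `data` or Redirects `metadata` JSON before they reach the page.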