Security
Do not disclose vulnerabilities in public chat rooms or public issue trackers. Use the private security contact below and include reproduction steps, affected version, and impact.
Contact
Report security concerns to support@globalchats.net.
Security Controls
- Strict extension content security policy and no remote executable code.
- Minimal extension permissions without all-site access, history, cookies, or content scripts.
- Server-side authorization, validation, account-state checks, and rate limiting.
- Database row-level security plus revoked direct write privileges.
- Text-only message rendering and safe external-link attributes.
- Soft deletion for user-hidden messages, retained moderator access to original records, and administrator audit records.