Unlock a world of possibilities! Login now and discover the exclusive benefits awaiting you.
Does Qlik verify the contributions or projects on Qlik Branch? If not, is there a way for Qlik users to certify that particular extensions are safe or do not have glaring vulnerabilities? Some of our clients are concerned about allowing unverified third-party Javascript packages to run on their servers.
Thanks in advance.
Cheers,
Andrew
Branch content is completely open source and so under the same evaluation of the open source community. Read the source code carefully and when in doubt, dont use.
Maybe also have a look at Alexander's comment here:
Hey Andrew,
As other poster stated I would recommend _everyone_ to verify the source code on their own.
You wouldn't copy / paste a load script from a page on the internet into your app and the same rule of thumb should go for Extensions.
Now with that said, since extensions are just normal objects the usual section access and security rules apply so a extension can't access anything apart from what the user is allowed to see. We also do checks for click-jacking and obvious malicious code for the projects posted on Branch.