This section describes how to secure your custom developments.
Follow best practices and security recommendations as described at http://www.owasp.org when creating custom widgets.
Pay attention to:
Data sent to the back-end. Escape user-input to prevent XSS
vulnerabilities.
Data stored via the storage API (used for collaboration widgets like
rating or tagging) because it is the only way to inject data in indexed
documents.