We take the security of Bardic Inspiration seriously. If you discover a security vulnerability, please follow these steps:
- DO NOT create a public GitHub issue for the vulnerability
- Send a detailed report to the module maintainer through:
- GitHub Security Advisories (preferred)
- Direct message on Discord
- Private message on the FoundryVTT Discord server
- Description of the vulnerability
- Steps to reproduce the issue
- Potential impact
- Suggested fix (if you have one)
- Acknowledgment of your report within 48 hours
- Regular updates on the progress of addressing the vulnerability
- Credit in the release notes (unless you prefer to remain anonymous)
- Keep the module updated: Always use the latest version
- Trust your players: This module allows players to control YouTube playback
- Review permissions: Ensure only trusted users have GM privileges
- Monitor usage: Keep an eye on the DJ controls and queue management
- YouTube Content: This module plays YouTube videos. Ensure content is appropriate for your gaming group
- Network Communication: The module uses FoundryVTT's socket system for real-time sync
- No External Servers: All communication happens through your FoundryVTT server
- No Data Collection: This module does not collect or transmit any user data
This module relies on:
- FoundryVTT's built-in security measures
- YouTube's iframe API (subject to YouTube's security policies)
- Browser security features for iframe sandboxing
For security concerns, please reach out through the channels mentioned above.
Thank you for helping keep Bardic Inspiration and the FoundryVTT community safe!