Merge pull request #97 from acaptutorials/dev

v1.3.5

Author: acaptutorials

docs/pages/security.mdx

@@ -47,7 +47,7 @@ ACAP's [Firestore Security Rules](https://firebase.google.com/docs/firestore/sec
 ```
 
 <Callout type="warning">
-[ACAP 2.0](/changelog/#version-2-acap-20) allowed users to <u>edit crop recommendations, a new feature</u> introduced in **version 2.0** through <u>weak Firestore Security Rules</u>, making it vulnerable to **Cross-Site Scripting (XSS)**. This lets **unauthorized clients** (e.g., Postman) <u><i>modify WYSIWYG-form data without protection</i></u> if accessed from the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). Allowing these in the Firestore Security Rules contradicts the best practices outlined in the [Database](#database) section, which advocates for data mutation with thorough <u>data validation</u> in the **Node backend**.
+[ACAP 2.0](/changelog/#version-2-acap-20) allowed users to <u>edit crop recommendations, a new feature</u> introduced in **version 2.0** through <u>weak Firestore Security Rules</u>, making it vulnerable to **Cross-Site Scripting (XSS)**. This lets **unauthorized clients** (e.g., Postman) <u><i>modify WYSIWYG-form data without protection</i></u> if accessed from the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). Allowing these in the Firestore Security Rules contradicts the best practices outlined in the [Database](#database) section, which advocates for data mutation with thorough <u>data validation/sanitation</u> in the **Node backend**.
 
 For more details, refer to GitHub Issues in the parent **acap-v2 repository** ([[1]](https://github.com/amia-cis/acap-v2/issues/34), [[2]](https://github.com/amia-cis/acap-v2/issues/57)) or check the **Firebase Storage Announcements 2024** under the [Are there security concerns I should be aware of?](/announcements/firebase-storage-2024#security-considerations) section for information and reference.
 </Callout>