This is a simple extension so I imagine will not have many issues but we should aim to get sign off from @csteipp as soon as we possibly can so we are able to deploy it.
I talked to @csteipp Thursday about security reviewing cards.
I explained we want to make it a submodule that simply renders cards.
He said that he could help if we can do the following:
- sketch out a diagram of how all the pieces fit together
- explain where data comes from and where/how it is rendered and out of these which you see as the biggest vector of attacks.
- setup an hour to talk through the extension with him to get his blessing to deploy.