ADR-003: Security Responsibility Boundaries =========================================== :Date: 2025-12-14 :Status: Accepted :Context: Code Review v13.0.1 → v13.2.x Summary ------- This ADR documents the security responsibility boundaries between this extension (``netresearch/rte-ckeditor-image``) and TYPO3 Core. Clear boundaries prevent scope creep and ensure security issues are addressed by the appropriate party. Decision -------- The following security responsibilities are explicitly **out of scope** for this extension and are delegated to TYPO3 Core: Out of Scope (TYPO3 Core Responsibility) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 1. **SVG Sanitization** - SVG files can contain embedded JavaScript (``