About

Security

Developing and using USWDS with security in mind

Verifying ZIP release hash

The /security directory in the USWDS repo contains SHA-256 hashes for each USWDS hashed release ZIP file. Use these hashes to verify the authenticity of USWDS release ZIP files. Compare our SHA-256 hash with the hash you generate from the ZIP you wish to test.

You can also find the SHA-256 hash for the current release on the Download page.

OSX/Linux: Use the sha256sum command in a terminal window. (Replace the path with the path to the file you wish to test.)

sha256sum path/to/filename.zip

Windows: Open up PowerShell and run the following command. (Replace the path with the path to the file you wish to test.)

powershell get-filehash -algorithm sha256 .\path\to\filename.zip

Security updates

Sanitized Combo Box content

As of USWDS 2.12.1, the design system automatically sanitizes content passed into the Combo Box.
Automatic sanitizing for all JavaScript components

As of USWDS 2.12.2, the design system automatically sanitizes content in all components we compose with JavaScript.

Latest updates

Meaningful code and guidance updates are listed in the following table:

Date	Description
2021-11-05	Added security updates section. More information: uswds-site#1304

Security

Verifying ZIP release hash

Security updates

Sanitized Combo Box content

Automatic sanitizing for all JavaScript components

Latest updates

Have an idea or an issue?

Engage with the community

Subscribe to our newsletter

Get support