Using the HTML version of a resume with RChilli's Resume Parser does not inherently introduce security risks, as long as the data is processed through RChilli’s secured systems and best practices are followed. However, it's important to consider several factors to ensure a secure and compliant implementation.
✅ Supported File Formats and HTML Handling
RChilli’s Resume Parser supports multiple file formats, including HTML and HTM, among others like DOC, DOCX, PDF, TXT, and RTF. The system processes these files using a REST API that extracts and converts data into structured JSON, ensuring consistency across formats.
🔐 Security Measures in Place
RChilli takes security seriously and implements strong protective measures:
- ISO/IEC 27001:2022 and SOC 2 Type 2 Certifications: These ensure the highest standards in information security.
- Secure API Authentication: Access to the parsing APIs is protected by user key authentication mechanisms.
- No Permanent Storage: RChilli does not permanently store resume data when used with the Resume Parser API. Any temporary indexing (e.g., for Search & Match) is encrypted and stored regionally, and can be manually deleted.
- Data Encryption and Sanitization: HTML input is treated similarly to other formats and sanitized during processing to prevent XSS (Cross-Site Scripting) or code injection vulnerabilities.
🛡️ Potential HTML-Specific Concerns (Mitigated)
HTML resumes may include embedded scripts, styles, or iframes that could pose security issues if not properly sanitized. Fortunately:
- RChilli’s parser sanitizes HTML content to ensure that only relevant resume data is extracted—this includes removing or ignoring potentially malicious embedded elements.
- There is no client-side rendering of the resume through the parser; thus, risks such as DOM manipulation or browser-based attacks are eliminated.
✅ Best Practices for HTML Resume Handling
- Avoid Allowing Executable Code: Ensure uploaded resumes do not contain JavaScript or embedded active content.
- Enable API Settings Like `htmlresume: false`: If not needed, you can disable the HTML output in the parser API settings to minimize exposure.
- Use Secure Input Channels: Upload resumes through secure HTTPS endpoints with authenticated API calls.
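One way to apply the "Avoid Allowing Executable Code" practice on your own side before upload, as an added example that is not RChilli's code or part of its API: a check built on Python's standard `html.parser` that flags script-capable elements, `on*` event-handler attributes, and script-scheme URLs in an HTML resume. The tag and attribute lists and the sample resume are constructed for illustration.

```python
from html.parser import HTMLParser

# Assumed policy lists for this example: elements that run or embed active content.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet", "frame"}
# Attributes that carry URLs and could hold a script-scheme URL.
URL_ATTRS = {"href", "src", "action", "formaction", "xlink:href", "data"}
SCRIPT_SCHEMES = ("javascript:", "vbscript:", "data:text/html")


class ActiveContentFinder(HTMLParser):
    """Records findings as (line, description); it does not rewrite the file."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; entity references in
        # attribute values are already decoded by the parser.
        line, _ = self.getpos()
        if tag in ACTIVE_TAGS:
            self.findings.append((line, f"<{tag}> element"))
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append((line, f"event handler {name} on <{tag}>"))
            elif name in URL_ATTRS and value:
                # Drop whitespace and control characters before comparing schemes.
                compact = "".join(c for c in value if c > " ").lower()
                if compact.startswith(SCRIPT_SCHEMES):
                    self.findings.append((line, f"script URL in {name} on <{tag}>"))


def find_active_content(html_text):
    """Return a list of (line_number, description) for active content found."""
    finder = ActiveContentFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


# Constructed sample resume (not real data).
SAMPLE = """<html><body>
<h1>Jane Doe</h1>
<p onclick="track()">Security Engineer</p>
<a href="https://example.com/portfolio">Portfolio</a>
<a href="java&#x73;cript:void(0)">Contact</a>
<iframe src="https://example.com/widget"></iframe>
<script>console.log("hi")</script>
</body></html>"""

if __name__ == "__main__":
    for line, what in find_active_content(SAMPLE):
        print(f"line {line}: {what}")
```

A non-empty result is a reason to reject the upload or route it for review; this check complements the parser-side sanitization described above and does not replace it.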
📌 Conclusion
There is no significant security risk in using HTML resumes with RChilli's Resume Parser, provided that you leverage the platform's built-in security capabilities and follow recommended practices. RChilli’s infrastructure is built with secure data processing in mind, and HTML resumes are treated securely and efficiently like other supported formats.
For any specific compliance or integration concerns, you can reach out to the support team at support@rchilli.com.