-
**Describe the solution you'd like**
Instead of adding a fixed HTML sanitizer, and in preparation for the built-in Sanitizer, Evo needs a way for a developer to add an HTML sanitizer of their choice.
http…
-
`https://github.com/vuejs/vue/issues/6333`
![1631690924(1)](https://user-images.githubusercontent.com/10903843/133389948-3fef36e1-aeea-4a0d-b4a8-369d0eb55959.png)
-
I can't find the vulnerability on the controls attribute.
Any reason for excluding it from the whitelist?
-
```
$ npm out
Package Current Wanted Latest Location
css-loader 2.1.1 2.1.1 3.5.3 dcrdata
eslint 5.16.0 5.16.0 6.8.0 dcrdata…
```
-
Render application READMEs as pulled in by core in #1502.
-
*@cgvwzq commented on Aug 22, 2018, 10:19 AM UTC:*
## Summary
HTML rendering in notification's messages should be disabled by default, and only done when an explicit option's parameter (`"html":true…
-
SimpleMDE has this vulnerability that isn't fixed yet: https://nvd.nist.gov/vuln/detail/CVE-2018-19057
Server-side sanitization needs to be implemented, with a node library (**domPurify or sanitzer**)…
-
Are you considering providing an update in the near future?
The current version uses Swagger UI 3.25.0 from January 2020, which in turn uses DOMPurify 2.0.7 from October 2019.
My OWASP Dependenc…
-
I tried using this in a Chrome extension to render Markdown from ChatGPT code boxes. It was a real nightmare and I couldn't even get it to work. The links to marked, prism and I think it was DOMpurify…
-
Discussed in Slack: https://hypothes-is.slack.com/archives/C07NXBDNW/p1571964864005600?thread_ts=1571960978.002500&cid=C07NXBDNW