-
Not really sure if this is something Staticman should handle or not, but putting this out there.
I recently was made aware that arbitrary HTML could be passed in my comments. Which basically means …
-
Reference
https://github.com/cure53/DOMPurify
-
Once Rails 3.0 officially drops, need to work out html sanitization behaviour to work same way.
-
See https://wicg.github.io/sanitizer-api/
Some work has been done to handle mathml/svg namespaces but the spec should likely specify a default safelist, see https://github.com/WICG/sanitizer-api/iss…
-
This was a library that was brought in for displaying ANSI color codes in the build detail command output. It is currently unused, but was loaded async previously. It seems we could use this for notif…
-
https://github.com/demetoir/expressionCloud/blob/643f08dd8f1d8889a2ce40d47dac5c6f6648625e/api/src/main.ts#L62-L67
---
###### This issue was generated by [todo](https://todo.jasonet.co) based on a `T…
-
### PHP Version
8.1
### Shopware Version
6.5
### Expected behaviour
The HTML sanitizer breaks up intended attributes like ids for anchor links or classes for styling. Also other elements like ifr…
moorl updated
3 weeks ago
-
It would be nice to add some method for easy sanitizing HTML - remove any javascript, forms and other dangerous stuff.
var doc = CQ.Create(original);
doc[selector].RemoveUnsafeHTML();
var html = d…
ghost updated
11 years ago
-
[In this thread](https://github.com/cython/cython/issues/1775#issuecomment-369918244), it is demonstrated that an `onClick` attribute on a button can come through. This seems like a bug.
```python
…
```
-
All output of reports, site messages and any other area that allows for HTML output need to be sanitized while still allowing presentation HTML tags. Additionally, the WYSIWYG editor should be restric…