-
Like many other Markdown processors, Python-Markdown does not sanitize its output, meaning that malicious code can be embedded within markdown documents.
```md
# Some markdown document
alert("E…
```
-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/26
-
Tracking issue for:
- [ ] https://github.com/2lambda123/cisagov-Malcolm/security/code-scanning/130
-
Once Rails 3.0 officially drops, need to work out html sanitization behaviour to work same way.
-
> Location of security vulnerability : src/lib/utils.ts line 17
>
> Incomplete multi-character sanitization
>
> Severity : high
>
> Rule ID
> js/incomplete-multi-character-sanitization
>
> …
-
Chat messages have HTML sanitization to prevent js injection attacks.
However, we want to be able to display some HTML tags such as links and Twilio audio.
There is some link detection in
ht…
-
I've implemented the package like this in my express app:
```js
const { xss } = require('express-xss-sanitizer');
app.use(xss());
```
Unfortunately it doesn't change the user input.
When I for…
-
Hi,
We are using this library in [Zimbra](https://github.com/Zimbra/java-html-sanitizer-release-20190610.1) for sanitization of the e-mail body and during sanitization of the customer-generated HTM…
-
Looks like HTML sanitization broke in SurveyJS library. I am posting an example, please look into this.
### Are you requesting a feature, reporting a bug or asking a question?
bug
### What…
-
```
Right now, DiffPanel converts , and & to their entity equivalents and
\n to a . It reverses that transformation when getOutput is called.
This should prevent any malicious HTML from getting inject…
```