GSA / openacr

OpenACR is a digital-native Accessibility Conformance Report (ACR). The initial development is based on Section 508 requirements. The main goal is to be able to compare the accessibility claims of digital products and services. Structured, self-validated, machine-readable documentation will provide for this.
https://gsa.github.io/openacr/

Review text fields for XSS and whether YAML files with JavaScript can be loaded and pop up on the report page #306

dmundra closed 2 years ago

dmundra commented 2 years ago

HTML and Markdown work. Need to test and sanitize for script code.

dmundra commented 2 years ago

Updating https://marked.js.org/ package and using https://www.npmjs.com/package/sanitize-html to prevent XSS.