Closed valich closed 3 years ago
Similarly to markdown-it, we should trim links which try to execute something on the system.
The implementation is actually pretty similar, using similar regexes for filtering links.
All kinds of links and images should be filtered by default.
All implemented flavours have a useSafeLinks = true constructor parameter now.
Custom link generating providers can be made safe with a LinkGeneratingProvider.makeXssSafe extension.
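A sketch of the markdown-it-style link filter the issue refers to, as an added example in JavaScript (markdown-it's language); it is not code from this project or from markdown-it. The two regexes follow markdown-it's default `validateLink`; the helper names, the `#` replacement for rejected destinations and the sample links are assumptions of the example.

```javascript
// Added example, not code from markdown-it or from this project.
// The two regexes follow markdown-it's default validateLink; the function
// names and the "#" fallback are assumptions of this sketch.
const BAD_PROTO_RE = /^(vbscript|javascript|file|data):/;
const GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/;

// Normalise the way a browser's URL parser does before it reads the scheme:
// strip leading/trailing C0 controls and spaces, drop tab/CR/LF anywhere.
function normalizeForCheck(dest) {
  return dest
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '')
    .replace(/[\t\n\r]/g, '')
    .toLowerCase();
}

// dest is assumed to be entity- and backslash-decoded already.
function isSafeLink(dest) {
  const s = normalizeForCheck(dest);
  return BAD_PROTO_RE.test(s) ? GOOD_DATA_RE.test(s) : true;
}

function escapeHtml(s) {
  return s.replace(/[&<>"]/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;' }[c]));
}

// Applies the same filter to links and images; unsafe destinations become "#".
function renderLink(text, dest, isImage = false) {
  const url = escapeHtml(isSafeLink(dest) ? dest : '#');
  return isImage
    ? `<img src="${url}" alt="${escapeHtml(text)}">`
    : `<a href="${url}">${escapeHtml(text)}</a>`;
}

// Constructed sample destinations.
const samples = [
  'https://example.com/?a=1&b=2',
  'JavaScript:alert(1)',
  ' java\tscript:alert(1)',
  'data:text/html;base64,PHNjcmlwdD4=',
  'data:image/png;base64,iVBORw0KGgo=',
  'relative/path.md',
];
for (const d of samples) console.log(JSON.stringify(d), '->', isSafeLink(d));
```

The check runs on a normalised copy only; a destination that passes is emitted as written, HTML-escaped.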