JetBrains / markdown

Markdown parser written in kotlin
Apache License 2.0
682 stars, 75 forks

Support XSS protection #56

Closed valich closed 3 years ago

valich commented 3 years ago

Similarly to markdown-it, we should trim links which try to execute something on the system.

The implementation is actually pretty similar, using similar regexes for filtering links.

All kinds of links and images should be filtered by default.

valich commented 3 years ago

All implemented flavours have useSafeLinks = true constructor parameter now.

Custom link generating providers can be made safe with a LinkGeneratingProvider.makeXssSafe extension.
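As an added illustration of the filtering this thread asks for, here is a small JavaScript link-destination check in the spirit of the approach markdown-it takes (a deny-list of schemes, with `data:` allowed only for a few image types, applied to a normalised form of the destination). This is example code written for this page, not the JetBrains/markdown implementation and not markdown-it's source; the exact regexes, the normalisation steps, the `renderLink` helper and the sample URLs are this example's own assumptions.

```javascript
// Added example (not JetBrains/markdown code): a link-destination filter in the
// spirit of markdown-it's validateLink. Regexes, normalisation and samples are
// this example's own assumptions.

// Schemes that let a link run script or carry active content in a browser.
const BAD_PROTO_RE = /^(vbscript|javascript|file|data):/;
// The only data: payloads we allow: a few raster image types.
const GOOD_DATA_RE = /^data:image\/(gif|png|jpeg|webp);/;

// Build a form of the destination that is stable against the usual evasions:
// mixed case, percent-encoded scheme letters, embedded control characters.
// This form is used only for the decision and is never emitted.
function normalizeLink(url) {
  let s = String(url).replace(/[\u0000-\u0020\u007f]/g, "");
  try {
    s = decodeURIComponent(s);
  } catch (e) {
    // Malformed percent-encoding: judge the undecoded string instead.
  }
  return s.toLowerCase();
}

// true when the destination is acceptable as an href/src value.
function isSafeLink(url) {
  const s = normalizeLink(url);
  if (BAD_PROTO_RE.test(s)) {
    // data: survives only for the allow-listed image types.
    return GOOD_DATA_RE.test(s);
  }
  return true;
}

const ESC = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => ESC[c]);
}

// Render one inline link. An unsafe destination is not "cleaned" but dropped:
// the link text is emitted as plain text with no anchor at all.
function renderLink(href, text) {
  if (!isSafeLink(href)) {
    return escapeHtml(text);
  }
  return `<a href="${escapeHtml(href)}">${escapeHtml(text)}</a>`;
}

// Constructed sample destinations with the verdict each should receive.
const SAMPLES = [
  ["https://example.com/docs", true],
  ["/relative/path#anchor", true],
  ["mailto:someone@example.com", true],
  ["javascript:alert(1)", false],
  ["JaVaScRiPt:alert(1)", false],
  ["java\u0009script:alert(1)", false],
  ["%6Aavascript:alert(1)", false],
  ["data:image/png;base64,iVBORw0KGgo=", true],
  ["data:text/html;base64,PHNjcmlwdD4=", false],
  ["vbscript:msgbox(1)", false],
];

// Returns how many samples received the expected verdict.
function checkSamples() {
  return SAMPLES.filter(([url, expected]) => isSafeLink(url) === expected).length;
}

if (typeof require !== "undefined" && require.main === module) {
  for (const [url, expected] of SAMPLES) {
    const verdict = isSafeLink(url) ? "keep" : "drop";
    console.log(`${verdict}  ${JSON.stringify(url)}  (expected ${expected ? "keep" : "drop"})`);
  }
}
```

The normalisation step is where most of the value lies: a check on the raw string would accept `JaVaScRiPt:` or a percent-encoded scheme, so the scheme test runs on a decoded, lower-cased copy with control characters removed, while the original string is what gets escaped into the output. Dropping the anchor entirely, rather than trying to repair a bad destination, keeps the policy simple and matches the "filtered by default" behaviour described above.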