JiLiZART / BBob

⚡️ Blazing fast JS BBCode parser that parses BBCode into an AST and transforms it to HTML, React or Vue, with plugin support, in pure JavaScript with no dependencies
https://codepen.io/JiLiZART/full/vzMvpd
MIT License
163 stars, 19 forks

Sanitize `file:` protocol in escapeHTML #201

Open mmichaelis opened 11 months ago

mmichaelis commented 11 months ago

Besides data: and javascript: as well-known attack vectors for XSS, the file: protocol may also cause malicious behavior. I think it is rather safe (thus, backward-compatible) to also escape it here:

https://github.com/JiLiZART/BBob/blob/3575982b280cc45c9cedaf7a059491a324c1b514/packages/bbob-plugin-helper/src/helpers.js#L39

Only for local use of BBob may the file: protocol be relevant. Thus, for full backward-compatibility, we would need to add some flag to the options.
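As an added example (not BBob's own helper at the linked line), the shape such a change could take: an escapeHTML-style function that HTML-escapes the value and neutralises the `javascript:`, `data:` and `file:` schemes by percent-encoding the colon, with an assumed `allowFileProtocol` option that restores the old behaviour for local-only deployments.

```javascript
// Added example, not BBob's code. The option name `allowFileProtocol`
// and the constructed inputs below are assumptions for illustration.

// Schemes that a browser will execute or interpret when they reach an
// href/src attribute; `file` is the one this issue proposes adding.
const BLOCKED_SCHEMES = ['javascript', 'data'];

function escapeHTML(value, options = {}) {
  // Opt-in flag keeps `file:` usable for local-only deployments.
  const schemes = options.allowFileProtocol
    ? BLOCKED_SCHEMES
    : BLOCKED_SCHEMES.concat('file');

  // Case-insensitive: browsers treat `JaVaScRiPt:` like `javascript:`.
  const schemePattern = new RegExp('(' + schemes.join('|') + '):', 'gi');

  return String(value)
    // Standard HTML entity escaping; `&` first so later entities survive.
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#039;')
    // Percent-encode the colon: `file%3A///...` is no longer a URL scheme,
    // so the value is harmless if it lands in an attribute. Text content
    // that merely mentions "file:" is slightly altered but still readable.
    .replace(schemePattern, '$1%3A');
}

// Constructed sample showing both the default and the opt-in behaviour.
function demo() {
  return {
    blocked: escapeHTML('file:///etc/passwd'),
    allowed: escapeHTML('file:///etc/passwd', { allowFileProtocol: true }),
  };
}
```

A denylist regex like this does not cover scheme names broken up by tabs or newlines, which browsers silently strip, so a scheme allowlist (`http`, `https`, relative URLs) applied where the URL is actually emitted remains the more robust defence.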