Closed Oza94 closed 9 years ago
Now, the html is not sanitized. Therefore you can put a <script>alert('foo');</script> tag in your markdown.
<script>alert('foo');</script>
We should sanitize it, sanitize-html seems a good option.
Examples of things to allow/disallow
<p>
<h1>
<h6>
<em>
<span>
<img>
onload
onclick
Now, the html is not sanitized. Therefore you can put a
<script>alert('foo');</script>tag in your markdown.We should sanitize it, sanitize-html seems a good option.
Examples of things to allow/disallow
<p>,<h1>to<h6>,<em>,<span>, ect.<img>onload,onclick, ect.