Closed Oza94 closed 9 years ago
Now, the html is not sanitized. Therefore you can put a `<script>alert('foo');</script>` tag in your markdown.
We should sanitize it, sanitize-html seems a good option.
Examples of things to allow/disallow: `<p>`, `<h1>` to `<h6>`, `<em>`, `<span>`, etc. `<img>` onload, onclick, etc.
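Added illustration, not code from this project and not the sanitize-html library itself: a dependency-free allow-list sanitizer whose options mirror the `allowedTags` / `allowedAttributes` shape of sanitize-html, applied to the tags and handlers listed in the issue. The tag list, the `src`/`alt` attribute list for `<img>`, and the sample inputs are assumptions for the example.

```javascript
// Allow-list sanitizer in the style of sanitize-html's options (illustration only;
// use the real sanitize-html package in the fix). Assumed lists for this example.
const ALLOWED_TAGS = new Set(['p', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'em', 'span', 'img']);
// Per-tag attribute allow-list: event handlers (onload, onclick, ...) are never listed,
// so they are dropped regardless of the tag they appear on.
const ALLOWED_ATTRS = { img: new Set(['src', 'alt']) };
// Elements whose text content must also be dropped, not only their tags.
const DROP_CONTENT_TAGS = new Set(['script', 'style']);

const TAG_RE = /<\/?([a-zA-Z][a-zA-Z0-9]*)([^>]*)>/g;
const ATTR_RE = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;

// Text between tags is passed through with any stray '<' escaped; entities are kept as written.
function escapeText(text) {
  return text.replace(/</g, '&lt;');
}

function sanitize(html) {
  let out = '';
  let last = 0;
  let dropDepth = 0; // > 0 while inside a <script>/<style> element
  let m;
  while ((m = TAG_RE.exec(html)) !== null) {
    if (dropDepth === 0) out += escapeText(html.slice(last, m.index));
    last = TAG_RE.lastIndex;
    const closing = m[0][1] === '/';
    const tag = m[1].toLowerCase();
    if (DROP_CONTENT_TAGS.has(tag)) {
      dropDepth = Math.max(0, dropDepth + (closing ? -1 : 1));
      continue;
    }
    if (dropDepth > 0 || !ALLOWED_TAGS.has(tag)) continue; // unknown tag: stripped, text kept
    if (closing) { out += `</${tag}>`; continue; }
    const allowed = ALLOWED_ATTRS[tag] || new Set();
    let attrs = '';
    let a;
    while ((a = ATTR_RE.exec(m[2])) !== null) {
      const name = a[1].toLowerCase();
      const value = a[2] ?? a[3] ?? a[4] ?? '';
      if (!allowed.has(name)) continue;                       // onload, onclick, ... dropped here
      if (name === 'src' && /^\s*javascript:/i.test(value)) continue; // script URLs dropped
      attrs += ` ${name}="${value.replace(/"/g, '&quot;')}"`;
    }
    out += `<${tag}${attrs}>`;
  }
  if (dropDepth === 0) out += escapeText(html.slice(last));
  return out;
}
```

Running `sanitize("<p>hi</p><script>alert('foo');</script>")` yields `<p>hi</p>`, and an `<img>` keeps only `src`/`alt`.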