WheatonCS / Lexos

Python/Flask-based website for text analysis workflow. Previous (stable) release is live at:
http://lexos.wheatoncollege.edu
MIT License

Upload security #451

Open scottkleinman opened 8 years ago

scottkleinman commented 8 years ago

As we move forward, we should think about enhancing security for file and url uploads. How can we sanitise the data (particularly where it contains markup)?

czhang03 commented 8 years ago

I think as long as we do not parse or eval stuff, we are fine.

For now, XML may be the most dangerous stuff.

scottkleinman commented 8 years ago

Mozilla's Bleach library seems to be the best bet, but it will essentially destroy the markup. This will require some thought.
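Added example, not Lexos code and not from any participant in the thread: the XML concern raised above (czhang03's "XML may be the most dangerous stuff") is usually about entity expansion bombs ("billion laughs") and external entity resolution (XXE). The approach below uses only the standard library's `xml.parsers.expat` handlers to refuse any DOCTYPE or entity declaration before expat expands anything, and builds a normal `ElementTree` element from what remains. The function names `parse_untrusted_xml`, `rejects` and `UnsafeXML` and the sample documents are assumptions constructed for this demo; the expat handler names are the real stdlib ones.

```python
"""Parse untrusted XML uploads with DTD and entity processing refused.

Example code for this thread, not part of Lexos. Uses only the stdlib.
"""
from xml.parsers import expat
import xml.etree.ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when an upload uses an XML feature we refuse to process."""


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Build an Element tree from *data*, refusing DOCTYPE/entity declarations.

    Expat fires StartDoctypeDeclHandler as soon as it reads '<!DOCTYPE', so an
    entity bomb or an external (XXE) entity is refused before its definition
    is even parsed, independent of whatever expansion limits the linked
    libexpat version has.
    """
    builder = ET.TreeBuilder()
    parser = expat.ParserCreate()

    def refuse(*_args):
        # An exception raised inside an expat handler aborts Parse() and
        # propagates unchanged to the caller; no further input is processed.
        raise UnsafeXML("DOCTYPE and entity declarations are not allowed in uploads")

    parser.StartDoctypeDeclHandler = refuse    # <!DOCTYPE ...>
    parser.EntityDeclHandler = refuse          # <!ENTITY ...> (internal or external)
    parser.ExternalEntityRefHandler = refuse   # &ext; resolution, defence in depth

    # Feed elements and text straight into a TreeBuilder; the predefined
    # entities (&amp; &lt; ...) are still expanded since they need no DTD.
    parser.StartElementHandler = builder.start
    parser.EndElementHandler = builder.end
    parser.CharacterDataHandler = builder.data

    try:
        parser.Parse(data, True)
    except expat.ExpatError as exc:
        # Malformed input is rejected too rather than half-parsed.
        raise UnsafeXML(f"malformed XML: {exc}") from exc
    return builder.close()


def rejects(data: bytes) -> bool:
    """True if parse_untrusted_xml refuses *data*."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


# Constructed sample uploads for the demo (hypothetical, not real user files).
BENIGN = b"<doc><p>hello &amp; welcome</p></doc>"

BILLION_LAUGHS = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<lolz>&lol3;</lolz>"""

XXE = b"""<?xml version="1.0"?>
<!DOCTYPE foo [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<foo>&xxe;</foo>"""


if __name__ == "__main__":
    root = parse_untrusted_xml(BENIGN)
    print("benign:", root.tag, repr(root.find("p").text))
    for label, sample in (("billion laughs", BILLION_LAUGHS), ("xxe", XXE)):
        print(f"{label}: {'rejected' if rejects(sample) else 'ACCEPTED'}")
```

This is the same strategy the `defusedxml` package applies to the stdlib parsers; in a real deployment prefer that package over a hand-rolled gate, and pair it with a request size cap (Flask's `MAX_CONTENT_LENGTH` setting) so oversized uploads are dropped before parsing starts. The trade-off is that any document declaring a DTD, however harmless, is refused, which has to be weighed against the kinds of XML the tool is expected to accept.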