Open btrask opened 8 years ago
In our preview generator for CommonMark Markdown files, we allow clickable links, including hash: links. That means we don't use cmark's "safe" link checker that prohibits javascript: links, among other protocols.
hash:
javascript:
We should probably maintain our own whitelist.
Let's look at cmark to see what else.
In our preview generator for CommonMark Markdown files, we allow clickable links, including
hash:links. That means we don't use cmark's "safe" link checker that prohibitsjavascript:links, among other protocols.We should probably maintain our own whitelist.
Let's look at cmark to see what else.