Closed willysunny closed 4 years ago
Hello, the CommonMark has no limitation of this kind by default.
Also, we didn't include a sanitizer.
What is your use case?
Just curious, as internet security is on the rise. Theoretically people can plant malicious script in the document to perform evil things. The GitHub markdown will sanitize the .md file to make it safe from browsing, for more info, check this: https://github.com/github/markup
Stéphane Goetz notifications@github.com wrote on Tuesday, May 28, 2019 at 4:24 AM:
Hello, the CommonMark has no limitation of this kind by default.
Also, we didn't include a sanitizer.
What is your use case?
Sure, I completely get the security concerns, but Daux being oriented for people to write their own documentation, security concerns are different: you'll probably have your documentation in a repository with code review or at least track the changes through commits.
Which means that you get changes by trusted parties. In this case, adding sanitizing or whitelisting HTML tags wouldn't bring a lot.
Just wondering if there is any limitation on the HTML tags that we can use in our markdown file?
Also I'd like to know if this tool also has an HTML sanitizer like GitHub does?