ecto / bleach

:no_entry_sign: minimalistic HTML sanitizer for node.js
Strip malformed nested tags #11

Open ashokak opened 9 years ago

ashokak commented 9 years ago

The main aim here is to avoid constructions like this from resulting in a script tag in the resulting output:

```html
This is <a href="#html">HTML</a> with a <scr<script></script>ipt src="evil.js">SCRIPT
```

The other changes are:

Please let me know if you'd rather have any of these parts as individual pull requests.
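
The failure mode described in this pull request, as an added example that is not part of the pull request or bleach's own code: a single removal pass deletes the inner `<script></script>` pair and leaves the outer fragments spliced into a working tag, while repeating the pass until the output stops changing does not. The function names and the regular expression are assumptions made for this illustration.

```javascript
// Added illustration; not code from bleach. All names here are hypothetical.
const SCRIPT_TAG = /<\/?script\b[^>]*>/gi;

// Sample input taken from the pull request description above.
const sample =
  'This is <a href="#html">HTML</a> with a <scr<script></script>ipt src="evil.js">SCRIPT';

// Naive: one pass. Deleting the inner pair joins "<scr" and "ipt ...>"
// into a complete opening script tag in the output.
function stripOnce(html) {
  return html.replace(SCRIPT_TAG, '');
}

// Hardened: repeat until the output reaches a fixed point.
// Every pass that changes anything shortens the string, so the loop terminates.
function stripUntilStable(html) {
  let prev;
  let out = html;
  do {
    prev = out;
    out = stripOnce(prev);
  } while (out !== prev);
  return out;
}

// Regression check a sanitizer test suite can apply to any output.
function hasScriptTag(html) {
  return /<\/?script\b/i.test(html);
}

console.log('single pass :', stripOnce(sample));
console.log('fixed point :', stripUntilStable(sample));
```

The same check applies to any tag a sanitizer removes by deletion, so a regression test should assert on the final output rather than on the number of tags removed.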