evilstreak / markdown-js

A Markdown parser for javascript

[Question] How do I prevent HTML / script injection? #225

Closed kazzkiq closed 9 years ago

kazzkiq commented 9 years ago

How can I prevent stuff like <iframe>, <script>, <link> and other tags like these from being parsed when using Markdown.js?

If there is no option to block some tags, an option to block all of them would work too. Is there any option like this?

codingisacopingstrategy commented 9 years ago

Hello!

Don’t know if you tried it out? Last time I used Markdown.js it didn’t support any HTML tags, exactly because of these concerns.

See the discussion at https://github.com/evilstreak/markdown-js/issues/16

This issue can be closed. Cheers,

ashb commented 9 years ago

As @codingisacopingstrategy says (who has been doing a better job commenting on issues than we have. Thanks!), right now no HTML is allowed in markdown.js and everything is escaped, so the default behaviour is to block all HTML tags.
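
A regression check for the behaviour described in this thread, added here as an example and not code from markdown-js or its maintainers: it renders constructed inputs containing the tags from the question and reports any tag that reaches the output unescaped. `findRawTags`, the allow-list and both stand-in renderers are hypothetical names so the file runs offline; to test the real library, pass its render function (for markdown-js, `require("markdown").markdown.toHTML`) as the first argument.

```javascript
// Added example: checks that a Markdown renderer lets no raw HTML tag through.
// Tags a renderer may emit itself from Markdown syntax (assumed allow-list).
const ALLOWED = new Set(['p', 'em', 'strong', 'code', 'pre', 'a', 'img', 'ul',
  'ol', 'li', 'blockquote', 'br', 'hr', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6']);

// Constructed inputs using the tags named in the question.
const SAMPLES = [
  'Hello <script>alert(1)</script> world',
  '<iframe src="https://example.invalid/"></iframe>',
  '<link rel="stylesheet" href="https://example.invalid/x.css">',
  'Mixed *emphasis* and <ScRiPt >x</sCrIpT>',
];

// Render each sample and report every tag in the output outside ALLOWED.
function findRawTags(render, samples) {
  const findings = [];
  for (const input of samples) {
    const tags = new Set();
    for (const m of render(input).matchAll(/<\/?([a-z][a-z0-9]*)/gi)) {
      const name = m[1].toLowerCase();
      if (!ALLOWED.has(name)) tags.add(name);
    }
    if (tags.size > 0) findings.push({ input, tags: [...tags] });
  }
  return findings;
}

// Hypothetical stand-in: escapes input first, then applies *emphasis*.
function escapingRenderer(text) {
  const escaped = text.replace(/&/g, '&amp;').replace(/</g, '&lt;')
    .replace(/>/g, '&gt;').replace(/"/g, '&quot;');
  return '<p>' + escaped.replace(/\*([^*]+)\*/g, '<em>$1</em>') + '</p>';
}

// Hypothetical stand-in for the failure mode: input reaches the output as-is.
function passthroughRenderer(text) {
  return '<p>' + text.replace(/\*([^*]+)\*/g, '<em>$1</em>') + '</p>';
}

// An escaping renderer yields no findings; the pass-through one is flagged.
console.log(findRawTags(escapingRenderer, SAMPLES));
console.log(findRawTags(passthroughRenderer, SAMPLES).map(f => f.tags.join(',')));
```

Run the check against the renderer and version you actually deploy, since the result only describes the function you pass in.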