Closed ustun closed 8 years ago
If the user doesn't sanitize the input before passing to Autolinker, and then she feeds it to the DOM in that form, it will be a security issue. This is probably obvious for most, but still needs to be mentioned I think.
https://code.google.com/p/google-caja/wiki/JsHtmlSanitizer Caja sanitizer could be linked from there as an example.
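The risk described above, as an added example that is not part of the issue or of the Autolinker project: `autolink()` below is a deliberately minimal stand-in for `Autolinker.link()` (an assumption, not the library's code), and `escapeHtml()` is the step the issue says must happen before the linker's output reaches the DOM.

```javascript
// Added example (not from Autolinker or the issue author): why user text must
// be HTML-escaped before autolinking when the result is written via innerHTML.

// Escapes the five characters HTML treats specially, making any markup inert.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (c) => map[c]);
}

// Stand-in for Autolinker.link(): wraps http(s) URLs in anchor tags and leaves
// everything else untouched, which is exactly why untrusted markup survives it.
// The URL matcher is intentionally simple and stops at whitespace, quotes or '<'.
function autolink(text) {
  return text.replace(/https?:\/\/[^\s<"']+/g,
    (url) => `<a href="${url}" target="_blank">${url}</a>`);
}

// Unsafe pipeline: raw user text goes from the linker straight into innerHTML,
// so any tags the user typed are rendered as live markup.
function renderUnsafe(userText) {
  return autolink(userText);
}

// Safe pipeline: escape first, then autolink the now-inert text. Only the
// anchors generated by the linker itself remain as real HTML.
function renderSafe(userText) {
  return autolink(escapeHtml(userText));
}

// Constructed sample input: a legitimate link followed by injected markup.
const SAMPLE = 'see https://example.com <script>alert(1)</script>';

// True when the rendered string still carries a raw script tag.
function hasRawScriptTag(html) {
  return /<script\b/i.test(html);
}

// Typical use: element.innerHTML = renderSafe(userText);  never renderUnsafe().
console.log('unsafe:', renderUnsafe(SAMPLE));
console.log('safe:  ', renderSafe(SAMPLE));
```

Escaping after autolinking would be wrong too, since it would neutralise the anchors the linker just produced; the order is escape, then link.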
Does this provide protection against XSS?
Not sure actually. I'm not too familiar with XSS other than to make sure users can't add Githubissues.