Closed j256 closed 11 years ago
HTMLPreview could be prone to XSS, because it enables CORS by using YQL, otherwise it would be impossible to load assets from another subdomain (htmlpreview.github.com and raw.github.com). But generally it should be safe to use HTMLPreview.
I'm interested in adding some raw HTML page uploading to my site but I want to avoid cross-site scripting security problems:
http://en.wikipedia.org/wiki/Cross-site_scripting
htmlpreview looks great but I'm interested to know how it avoids that problem?
Sorry for the ignorance. Thanks for the scripts.