This remains secure as matrix clients SHOULD only render specific HTML tags, so there is no expectation that server side messages are secure by default.
Add basic tests for formatter.parseSkype for the new escaping bug. This could be expanded in the future to include all the other functions.
This remains secure as matrix clients SHOULD only render specific HTML tags, so there is no expectation that server side messages are secure by default.
Add basic tests for formatter.parseSkype for the new escaping bug. This could be expanded in the future to include all the other functions.
Closes #1