mdlincoln closed 5 years ago
Also, immediately after that is
The HTML generated by pandoc is not guaranteed to be safe. If raw_html is enabled for the Markdown input, users can inject arbitrary HTML. Even if raw_html is disabled, users can include dangerous content in attributes for headers, spans, and code blocks. To be safe, you should run all the generated HTML through an HTML sanitizer.
Does Janeway do sanitizing/escaping when displaying HTML galleys?
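Added example, not part of the thread and not Janeway or pandoc code: a minimal allowlist pass over generated HTML, of the kind the quoted pandoc passage recommends, written with Python's standard `html.parser`. The tag, attribute and scheme allowlists are assumptions, and the sample input is constructed.

```python
import re
from html import escape
from html.parser import HTMLParser

# Assumed allowlist for an article galley; adjust to the markup you render.
ALLOWED_TAGS = {"h1", "h2", "h3", "p", "span", "div", "pre", "code", "a", "em", "strong"}
ALLOWED_ATTRS = {"id", "class", "href", "title"}
SAFE_SCHEMES = {"http", "https", "mailto"}
DROP_WITH_CONTENT = {"script", "style"}

def url_ok(value):
    # Browsers ignore tabs and newlines inside a URL, so strip them before checking.
    cleaned = "".join(ch for ch in value if ch > " ").lower()
    scheme = re.match(r"([a-z][a-z0-9+.-]*):", cleaned)
    return scheme is None or scheme.group(1) in SAFE_SCHEMES

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.skip = [], 0

    def handle_starttag(self, tag, attrs):
        self.skip += tag in DROP_WITH_CONTENT  # bool adds as 0 or 1
        if self.skip or tag not in ALLOWED_TAGS:
            return  # tag is dropped; its text content is still emitted, escaped
        kept = [(n, v or "") for n, v in attrs if n in ALLOWED_ATTRS]
        kept = [(n, v) for n, v in kept if n != "href" or url_ok(v)]
        attr_text = "".join(f' {n}="{escape(v, quote=True)}"' for n, v in kept)
        self.out.append(f"<{tag}{attr_text}>")

    def handle_endtag(self, tag):
        if tag in DROP_WITH_CONTENT:
            self.skip = max(0, self.skip - 1)
        elif not self.skip and tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            self.out.append(escape(data, quote=False))

def sanitize(html_text):
    parser = Sanitizer()
    parser.feed(html_text)
    parser.close()
    return "".join(parser.out)

# Constructed sample input, not real pandoc output.
SAMPLE = ('<h1 id="intro" onclick="alert(1)">Intro</h1>'
          '<p><span class="n" style="x">s</span> <a href="java&#x09;script:a()">link</a></p>'
          '<pre class="py" onmouseover="a()"><code>x &lt; 1</code></pre><script>a()</script>')
```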
FYI: not sure this is the master pandoc plugin repo as the switch over failed.
From the pandoc user guide