pawandubey / griffin

speedy and simplistic static site generator.
Apache License 2.0

IFRAME code not getting rendered properly #41

Closed pawandubey closed 7 years ago

pawandubey commented 7 years ago

As reported by @luckypoem in #40

luckypoem commented 7 years ago

Any solutions? Today I published a post, http://grf.bright.biz.st/moonriver/, which inserts some "embed" codes.

pawandubey commented 7 years ago

This was intentional - I wrote the relevant part a long time ago so I wasn't aware that it escapes iframes also - as I enable "safe mode" parsing which doesn't allow certain problematic tags to be parsed, including iframes. The relevant bit of code is here: https://github.com/pawandubey/griffin/blob/fd755f6a502381fb962dca973ca407f89c8491db/src/main/java/com/pawandubey/griffin/Parser.java#L75

You can actually see the list of tags it won't parse in this comment: https://github.com/rjeschke/txtmark/issues/1#issuecomment-1132293

IMO I am fine with not allowing IFRAMES - they are a potential security vulnerability. If you are sure you want to insert those tags, then it takes barely a minute to hand edit the file. Unless you can convince me that this feature is a must, I'd consider security to be a greater concern. Closing this as won't fix for now.