Commit

Updated README
xenocrat committed Jul 27, 2024
1 parent acf2fa0 commit 839690a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -95,7 +95,7 @@ Security Considerations

By design Markdown [allows HTML to be included within the Markdown text](https://spec.commonmark.org/0.31.2/#html-blocks), meaning that the input may contain Javascript and CSS styles. This allows Markdown to be very flexible for creating output that is not limited by the Markdown syntax, but it comes with a security risk if you are parsing untrusted input (see [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting)).

The GitHub-Flavored Markdown specification includes an extension to CommonMark, [Disallowed Raw HTML (section 6.11)](https://github.github.com/gfm/#disallowed-raw-html-extension-), which defines a subset of raw HTML to be filtered and rendered as text in the output. This parser **does not** implement section 6.11 of the GitHub-Flavored Markdown specification.
The GitHub-Flavored Markdown specification includes an extension to CommonMark, [Disallowed Raw HTML (section 6.11)](https://github.github.com/gfm/#disallowed-raw-html-extension-), which defines a subset of raw HTML to be filtered and rendered as text in the output. **This parser does not implement section 6.11 of the GitHub-Flavored Markdown specification.**

If you are parsing user input or any other type of untrusted input, you should process the resulting HTML with tools like [HTML Purifier](http://htmlpurifier.org/) that filter out all elements which you have chosen to disallow.
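Review bot: the remedy in the unchanged paragraph below the bolded sentence is worded as a denylist ("filter out all elements which you have chosen to disallow"), whereas HTML Purifier works from an allowlist of permitted elements and attributes; since this hunk now makes the "does not implement section 6.11" warning much more prominent, consider rewording that sentence to "that allow only the elements and attributes you have chosen to permit", and, while this section is being touched, correcting "Javascript" to "JavaScript" in the preceding context paragraph.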
