Add note to Security section that commonmark is better...

than markdown as far as pathological performance goes.
2021-09-12 11:10:05 -07:00 · 2021-09-12 11:10:05 -07:00 · d43f9cf414
commit d43f9cf414
parent 84b5c55448
1 changed files with 4 additions and 1 deletions
--- a/MANUAL.txt
+++ b/MANUAL.txt
@ -6624,7 +6624,10 @@ application, here are some things to keep in mind:
   a timeout, to avoid DOS attacks that exploit these issues.
   If you are using the pandoc executable, you can add the
   command line options `+RTS -M512M -RTS` (for example) to limit
-   the heap size to 512MB.
+   the heap size to 512MB.  Note that the `commonmark` parser
+   (including `commonmark_x` and `gfm`) is much less vulnerable
+   to pathological performance than the `markdown` parser, so
+   it is a better choice when processing untrusted input.

 6. The HTML generated by pandoc is not guaranteed to be safe.
   If `raw_html` is enabled for the Markdown input, users can