Add note to Security section that commonmark is better...

than markdown as far as pathological performance goes.
This commit is contained in:
John MacFarlane 2021-09-12 11:10:05 -07:00
parent 84b5c55448
commit d43f9cf414

@ -6624,7 +6624,10 @@ application, here are some things to keep in mind:
a timeout, to avoid DOS attacks that exploit these issues. a timeout, to avoid DOS attacks that exploit these issues.
If you are using the pandoc executable, you can add the If you are using the pandoc executable, you can add the
command line options `+RTS -M512M -RTS` (for example) to limit command line options `+RTS -M512M -RTS` (for example) to limit
the heap size to 512MB. the heap size to 512MB. Note that the `commonmark` parser
(including `commonmark_x` and `gfm`) is much less vulnerable
to pathological performance than the `markdown` parser, so
it is a better choice when processing untrusted input.
6. The HTML generated by pandoc is not guaranteed to be safe. 6. The HTML generated by pandoc is not guaranteed to be safe.
If `raw_html` is enabled for the Markdown input, users can If `raw_html` is enabled for the Markdown input, users can
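Review bot: the sentence added at the end of item 5 ("so it is a better choice when processing untrusted input") should make explicit that the timeout and `+RTS -M512M -RTS` heap-limit advice immediately above still applies when `commonmark`, `commonmark_x` or `gfm` is used; as written, "much less vulnerable to pathological performance" can be read as an exemption from those mitigations rather than a reduction in exposure. Suggest ending the sentence with something like "it is a better choice when processing untrusted input, but a timeout and heap limit are still advisable." It would also help to say briefly what "less vulnerable" rests on (for example, that the `commonmark` parser avoids the nested-construct worst cases the `markdown` parser has), since the surrounding text is the only place users are told which parser to pick for untrusted input.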