pandoc

History

fiddlosopher 8624ed9bd3 The '--sanitize-html' option now examines URIs in markdown links and images, and in HTML href and src attributes. If the URI scheme is not on a whitelist of safe schemes, it is rejected. The main point is to prevent cross-site scripting attacks using 'javascript:' URIs. See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html and http://ha.ckers.org/xss.html. Resolves Issue #62. git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b	2008-03-22 20:41:56 +00:00
..
man1	The '--sanitize-html' option now examines URIs in markdown links	2008-03-22 20:41:56 +00:00

fiddlosopher 8624ed9bd3 The '--sanitize-html' option now examines URIs in markdown links

and images, and in HTML href and src attributes.  If the URI scheme
is not on a whitelist of safe schemes, it is rejected.  The main point
is to prevent cross-site scripting attacks using 'javascript:' URIs.
See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html
and http://ha.ckers.org/xss.html.  Resolves Issue #62.


git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b

2008-03-22 20:41:56 +00:00

man1

The '--sanitize-html' option now examines URIs in markdown links

2008-03-22 20:41:56 +00:00