aboutsummaryrefslogtreecommitdiff
path: root/PROFILING
diff options
context:
space:
mode:
authorfiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b>2008-03-22 20:41:56 +0000
committerfiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b>2008-03-22 20:41:56 +0000
commit8624ed9bd3c38c1907070a3b7de244fd487976c4 (patch)
treea1bfab4317a80976768c31d65b7b3abf873192a9 /PROFILING
parent4988441f3c44d8b80712aec8eb3359a3a584e669 (diff)
downloadpandoc-8624ed9bd3c38c1907070a3b7de244fd487976c4.tar.gz
The '--sanitize-html' option now examines URIs in markdown links
and images, and in HTML href and src attributes. If the URI scheme is not on a whitelist of safe schemes, it is rejected. The main point is to prevent cross-site scripting attacks using 'javascript:' URIs. See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html and http://ha.ckers.org/xss.html. Resolves Issue #62. git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b
Diffstat (limited to 'PROFILING')
0 files changed, 0 insertions, 0 deletions