From d43f9cf4146400721cf8dca15a411c2ecc1342fb Mon Sep 17 00:00:00 2001 From: John MacFarlane Date: Sun, 12 Sep 2021 11:10:05 -0700 Subject: Add note to Security section that commonmark is better... than markdown as far as pathological performance goes. --- MANUAL.txt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'MANUAL.txt') diff --git a/MANUAL.txt b/MANUAL.txt index f0d3c8965..b65e45bfe 100644 --- a/MANUAL.txt +++ b/MANUAL.txt @@ -6624,7 +6624,10 @@ application, here are some things to keep in mind: a timeout, to avoid DOS attacks that exploit these issues. If you are using the pandoc executable, you can add the command line options `+RTS -M512M -RTS` (for example) to limit - the heap size to 512MB. + the heap size to 512MB. Note that the `commonmark` parser + (including `commonmark_x` and `gfm`) is much less vulnerable + to pathological performance than the `markdown` parser, so + it is a better choice when processing untrusted input. 6. The HTML generated by pandoc is not guaranteed to be safe. If `raw_html` is enabled for the Markdown input, users can -- cgit v1.2.3
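Review bot: the added sentence ("much less vulnerable to pathological performance ... a better choice when processing untrusted input") could be read as making the heap-limit and timeout advice in the surrounding context optional once `commonmark` is selected, while "much less vulnerable" is not "immune"; consider closing the note with something like "the heap limit and timeout above are still advisable for untrusted input" so readers keep the `+RTS -M512M -RTS` limit and a timeout regardless of which parser (`commonmark`, `commonmark_x`, `gfm` or `markdown`) they choose.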