This commit now sanitizes *all* HTML tags written by the user (also prevents auto-link to "unsafe" web protocols and images) as intended. Fortunately, because of Sundown's typography support, it did not affect JS injection, but custom style tags and iframes. PS: thanks to the anonymous submitter of a comment including a style tag for 24pt, red font ;-)

pull/56/head
parent
241b278863
commit
36d702c7bc