This commit now sanitizes *all* HTML tags written by the user (also prevents auto-link to "unsafe" web protocols and images) as intended. Fortunately because of Sundown's typography support, it did not affect JS injection, but custom style tags and iframes. PS: thanks to the anonymous submitter of a comment including a style tag for 24pt, red font ;-)legacy/0.6
parent
c35d9c6e93
commit
48e7ddb7f5
Loading…
Reference in new issue