Vladimir Gorej a616cb471d fix(Markdown): render markdown in more secure way ...

This commit changes markdown sanitization behaviour in following way:

class, style and data-* attributes are removed by default. These attributes
open possible vulnerability vectors to attackers.

The original behavior of sanitizer (before this commit) can be enabled by *useUnsafeMarkdown* configuration option.
Use this configuration option with caution and only in cases when you know
what you're doing.

2020-06-11 21:51:15 +02:00

5.7 KiB

Raw Blame History

View Raw