warbo-utilities: 250dce63b54ca5e511af77a95ef395428258d2bd
From: Chris Warburton
Date: Sun, 28 Jan 2018 23:37:49 +0000
Subject: Re: Fix HTML escaping when rendering README
Message-Id: <a0f5591b1a0c9954-f54e8469e957dfed-artemis@nixos>
References: <a0f5591b1a0c9954-0-artemis@nixos>
In-Reply-To: <a0f5591b1a0c9954-0-artemis@nixos>

Use Pandoc to render to HTML (assuming markdown), then use Bleach to
strip all but a whitelist of HTML elements, attributes and protocols.

This way, elements like '<script>alert("XSS")</script>' get escaped;
attributes like 'onclick="alert(\"XSS\")"' get removed and URLs like
'javascript:alert("XSS")' get removed.
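
The three outcomes described in the message above (element escaped, attribute removed, URL removed), shown as an added example that is not part of the original message or of the warbo-utilities commit. It is a standard-library stand-in for the filtering that Bleach performs, written to make the whitelist behaviour visible. The whitelists and the names `sanitize`, `Sanitizer` and `url_allowed` are assumptions, and the input is expected to be HTML such as Pandoc's output.

```python
import html
from html.parser import HTMLParser

# Assumed whitelists for illustration; the commit's actual lists are not on the page.
ALLOWED_TAGS = {"a", "p", "em", "strong", "code", "pre", "ul", "ol", "li", "h1", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}}
ALLOWED_PROTOCOLS = {"http", "https", "mailto"}

def url_allowed(value):
    # Browsers strip leading whitespace and ignore tabs/newlines in a URL,
    # so remove those characters before looking for a scheme.
    compact = "".join(ch for ch in value if ch > " ").lower()
    head = compact.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    if ":" not in head:
        return True  # relative URL: no scheme to check
    return head.split(":", 1)[0] in ALLOWED_PROTOCOLS

class Sanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            # Disallowed element: emit it as inert text instead of markup.
            self.out.append(html.escape(self.get_starttag_text()))
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, ()):
                continue  # e.g. onclick, style
            if name == "href" and not url_allowed(value or ""):
                continue  # e.g. javascript: URLs
            kept.append(' %s="%s"' % (name, html.escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        text = "</%s>" % tag
        self.out.append(text if tag in ALLOWED_TAGS else html.escape(text))

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize(markup):
    parser = Sanitizer()
    parser.feed(markup)
    parser.close()
    return "".join(parser.out)
```
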