[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Fix HTML escaping when rendering README

Subject: Re: Fix HTML escaping when rendering README
From: Chris Warburton
Date: Sun, 28 Jan 2018 23:37:49 +0000
In-reply-to: <a0f5591b1a0c9954-0-artemis@nixos>
References: <a0f5591b1a0c9954-0-artemis@nixos>

Use Pandoc to render to HTML (assuming markdown), then use Bleach to
strip all but a whitelist of HTML elements, attributes and protocols.

This way, elements like '<script>alert("XSS")</script>' get escaped;
attributes like 'onclick="alert(\"XSS\")"' get removed and URLs like
'javascript:alert("XSS")' get removed.

References:
- Fix HTML escaping when rendering README
  - From: Chris Warburton

Prev by Date: Re: Mark podcasts as read
Next by Date: Re: Make vidsfrompage, etc. quieter
Previous by thread: Re: Fix HTML escaping when rendering README
Next by thread: Investigate replacing git2html with stagit
Index(es):
- Date
- Thread