New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sanitize using cheerio instead of marked #73

Merged
merged 6 commits into from May 2, 2014

Conversation

Projects
None yet
3 participants
@kevinsawicki
Member

kevinsawicki commented May 2, 2014

Atom has a content security policy enabled so sanitizing using marked is no longer needed.

This PR adds some sanitization using cheerio to strip out script tags and common on* attributes so that the console does not get spammed with CSP errors each time the markdown renders.

Closes #56
Closes #61

@izuzak

This comment has been minimized.

Show comment
Hide comment
@izuzak

izuzak May 2, 2014

Member

⚡️

Member

izuzak commented May 2, 2014

⚡️

@nathansobo

This comment has been minimized.

Show comment
Hide comment
@nathansobo

nathansobo May 2, 2014

Contributor

Looking good to me.

Contributor

nathansobo commented May 2, 2014

Looking good to me.

kevinsawicki added a commit that referenced this pull request May 2, 2014

Merge pull request #73 from atom/ks-sanitize-with-cheerio
Sanitize using cheerio instead of marked

@kevinsawicki kevinsawicki merged commit 98529a4 into master May 2, 2014

1 check passed

continuous-integration/travis-ci The Travis CI build passed
Details

@kevinsawicki kevinsawicki deleted the ks-sanitize-with-cheerio branch May 2, 2014

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment