Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

blacklist vbscript: fixes #492 #537

Merged
merged 1 commit into from
Jan 25, 2015
Merged

blacklist vbscript: fixes #492 #537

merged 1 commit into from
Jan 25, 2015

Conversation

evilpacket
Copy link
Contributor

No description provided.

@alduethadyn
Copy link

Will this fix be merged?

@yoshuawuyts
Copy link

Do note that this warrants a new (patch) release, just merging it in won't be sufficient.

@alduethadyn
Copy link

true enough - should have been more clear

chjj added a commit that referenced this pull request Jan 25, 2015
@chjj
Merge pull request #537 from evilpacket/no-vbscript
f49db7c 
blacklist vbscript: fixes #492
@chjj chjj merged commit f49db7c into markedjs:master Jan 25, 2015
@okuryu
Copy link

okuryu commented Jan 25, 2015

@chjj Could you publish to npm?

@chjj
Copy link
Member

chjj commented Jan 25, 2015

Done.

@chjj
Copy link
Member

chjj commented Jan 25, 2015

I also want to say to everyone, and @naholyr: PRs for the sanitizer are welcome. The sanitizer is something I added on a whim just because I could. I try to make it as secure as possible, but I would never make a guarantee that it is absolutely secure. If you care about security, you should use a more heavy duty html sanitizer. Hopefully one day we can get to that point though.

@naholyr
Copy link

naholyr commented Jan 28, 2015

I'm pretty clear with that, to be fully honest the aim of my comment was more like well, I'm not sur it worth the effort knowing there will always be an unplanned edge case ;)

I'd go for a warning in the README (+ link to http://htmlpurifier.org/ for example?).

@DinisCruz DinisCruz mentioned this pull request Feb 3, 2015
Open
ghost pushed a commit to zergeborg/marked that referenced this pull request May 13, 2016
@chjj
Merge pull request markedjs#537 from evilpacket/no-vbscript
487c410 
blacklist vbscript: fixes markedjs#492
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@evilpacket @alduethadyn @yoshuawuyts @okuryu @chjj @naholyr