
How to solve XSS problem in better way? #106

allenhsu opened this Issue Jun 21, 2013 · 2 comments



I'm working on a project whose contents are generated by users. So XSS should be taken care of. With code similar to the following one, users can generate a javascript link, which causes XSS problems.


How can I prevent the XSS problem in a better way?

BTW, is there any way to configure which tags are supported?


michelf commented Jun 21, 2013

Use a separate XSS filter.

There's no way to configure which tags are allowed and which are not in the Markdown parser. But if you use a good XSS filter you should be able to whitelist permissible tags and attributes.

Thanks, according to the blog, I'll give kses a try. I've also found htmlpurifier.org

@michelf michelf closed this Jun 22, 2013
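One way to wire up the separate filter suggested in this thread, as an added example that is not code from the thread or from the project: Markdown output is passed through HTML Purifier with a tag/attribute allowlist and a URI scheme allowlist. It assumes the Composer packages `michelf/php-markdown` and `ezyang/htmlpurifier` are installed; the function name, the chosen allowlist and the sample input are constructed for illustration.

```php
<?php
// Added example. Assumes michelf/php-markdown and ezyang/htmlpurifier
// were installed with Composer (vendor/autoload.php present).
require __DIR__ . '/vendor/autoload.php';

use Michelf\Markdown;

/**
 * Hypothetical helper: render untrusted Markdown to HTML that is safe to embed.
 * The filter runs on the parser's OUTPUT, because Markdown passes inline HTML
 * and link URLs through, so filtering the Markdown source alone is not enough.
 */
function render_user_markdown(string $text): string
{
    // Step 1: Markdown -> HTML (still untrusted at this point).
    $html = Markdown::defaultTransform($text);

    // Step 2: allowlist filter. Anything not listed is dropped.
    $config = HTMLPurifier_Config::createDefault();
    // Permitted elements and, in brackets, their permitted attributes.
    $config->set(
        'HTML.Allowed',
        'p,br,em,strong,code,pre,blockquote,ul,ol,li,h1,h2,h3,a[href|title]'
    );
    // Only these URL schemes survive in href; javascript: is not among them.
    $config->set('URI.AllowedSchemes', [
        'http'   => true,
        'https'  => true,
        'mailto' => true,
    ]);
    // Disable the on-disk definition cache so the example needs no writable
    // directory; in production, point Cache.SerializerPath at one instead.
    $config->set('Cache.DefinitionImpl', null);

    return (new HTMLPurifier($config))->purify($html);
}

// Constructed sample input: a javascript: link, raw inline HTML, and a normal link.
$untrusted = <<<MD
[click me](javascript:alert(1))

<script>alert(2)</script>

[project site](https://example.com/ "safe link")
MD;

// The javascript: href and the script element are removed; the https link is kept.
echo render_user_markdown($untrusted);
```

Build the purifier once and reuse it when rendering many posts, since constructing the configuration is the expensive part.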
