Commit

Add notes on security
wooorm committed Jul 18, 2019
1 parent e00b22b commit ab756b8
Showing 1 changed file with 12 additions and 0 deletions.
12 changes: 12 additions & 0 deletions readme.md
Expand Up @@ -88,6 +88,14 @@ Content to add in link (`Node` or `Array.<Node>`, default: a `span` element
with `icon` and `icon-link` classes).
Ignored if `'wrap'`.

## Security

Use of `rehype-autolink-headings` can open you up to a
[cross-site scripting (XSS)][xss] attack if you pass user provided content in
`properties` or `content`.

Always be wary of user input and use [`rehype-sanitize`][sanitize].

## Related

* [`rehype-slug`](https://github.com/rehypejs/rehype-slug)
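Review bot: the new "Security" paragraph names `properties` and `content` as the risky inputs but does not say why, or where `rehype-sanitize` has to sit in the pipeline relative to this plugin. Both options take hast nodes (`Node` or `Array.<Node>`, per the option description just above the hunk) that are placed into the tree as-is, so any user-controlled markup in them lands in the output unescaped; suggest stating that explicitly, e.g. "these options are inserted into the tree as-is and are not escaped". Also note that sanitizing has to happen after this plugin runs, otherwise the injected content is never seen by the sanitizer; a one-line mention of ordering (and that the sanitizer's default schema may also strip the `icon` / `icon-link` classes the default `content` relies on, so users may need to allow them) would make the advice actionable rather than a bare pointer.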
Expand Down Expand Up @@ -149,3 +157,7 @@ abide by its terms.
[author]: https://wooorm.com

[rehype]: https://github.com/rehypejs/rehype

[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting

[sanitize]: https://github.com/rehypejs/rehype-sanitize
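Review bot: the two new reference definitions are appended as `[xss]` then `[sanitize]`, while the existing definitions above them (`[author]`, `[rehype]`) are kept in alphabetical order; suggest swapping them so `[sanitize]` precedes `[xss]`, matching the file's convention. The targets themselves look right: `[sanitize]` points at the `rehype-sanitize` repository named in the Security section, and `[xss]` at the Wikipedia article the link text refers to.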

0 comments on commit ab756b8