symposion_app

History

Sachi King 0652471164 Sanitize user input on markdown fields This is an XSS vulnribilitiy. This also blocks a number of MD attributes that a user might attempt to use. The following are the allowed attributes. ['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li', 'ol', 'p', 'pre', 'strong', 'ul'] I belive this to be acceptable, as honeslty, a speaker using H1 is going to stomp all over the page and make it harder for the reviewer to parse. UX wise, it's less than great. A user can do # title and be left with <h1> in the sanitized output.	2017-04-29 15:47:08 +10:00
..
base.txt	Sanitize user input on markdown fields	2017-04-29 15:47:08 +10:00
docs.txt	Create a requirements file	2014-01-15 09:58:20 -05:00

Sachi King 0652471164 Sanitize user input on markdown fields

This is an XSS vulnribilitiy.

This also blocks a number of MD attributes that a user might attempt to
use.

The following are the allowed attributes.

['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li',
'ol', 'p', 'pre', 'strong', 'ul']

I belive this to be acceptable, as honeslty, a speaker using H1 is going
to stomp all over the page and make it harder for the reviewer to parse.

UX wise, it's less than great.  A user can do # title and be left with
<h1> in the sanitized output.

2017-04-29 15:47:08 +10:00

base.txt

Sanitize user input on markdown fields

2017-04-29 15:47:08 +10:00

docs.txt

Create a requirements file

2014-01-15 09:58:20 -05:00