0652471164
This is an XSS vulnribilitiy. This also blocks a number of MD attributes that a user might attempt to use. The following are the allowed attributes. ['a', 'abbr', 'acronym', 'b', 'blockquote', 'code', 'em', 'i', 'li', 'ol', 'p', 'pre', 'strong', 'ul'] I belive this to be acceptable, as honeslty, a speaker using H1 is going to stomp all over the page and make it harder for the reviewer to parse. UX wise, it's less than great. A user can do # title and be left with <h1> in the sanitized output.
12 lines
233 B
Text
12 lines
233 B
Text
Django==1.9.7
|
|
django-appconf==1.0.1
|
|
django-model-utils>=2.6.1
|
|
django-reversion==1.10.1
|
|
django-sitetree>=1.7.0
|
|
django-taggit==0.18.0
|
|
django-timezone-field>=2.0
|
|
easy-thumbnails==2.3
|
|
bleach
|
|
markdown==2.6.5
|
|
pytz==2015.7
|
|
django-ical==1.4
|