| field | value | date |
|---|---|---|
| author | Xavier Mendez <jmendeth@gmail.com> | 2014-04-07 17:20:12 +0200 |
| committer | Xavier Mendez <jmendeth@gmail.com> | 2014-04-07 17:20:12 +0200 |
| commit | 238c4d57cce10d33b05cf52a91fc62a09f31ffbb (patch) | |
| tree | a7ea96208fdea71093e69f96ba61b3e91a9e7dec | |
| parent | 4ad239da2863afdb6e236cd4df436fd03905babd (diff) | |
| download | rust-hoedown-238c4d57cce10d33b05cf52a91fc62a09f31ffbb.tar.gz | |
Talk about client-side attacks
-rw-r--r-- | README.md | 6 |
1 files changed, 5 insertions, 1 deletions
@@ -32,11 +32,15 @@ Features `Hoedown` has been extensively security audited, and includes protection against all possible DOS attacks (stack overflows, out of memory situations, malformed - Markdown syntax...) and against client attacks through malicious embedded HTML. + Markdown syntax...). We've worked very hard to make `Hoedown` never crash or run out of memory under *any* input. + **Warning**: `Hoedown` doesn't validate or post-process the HTML in Markdown documents. + Unless you use `HTML_ESCAPE` or `HTML_SKIP`, you should strongly consider using a + good post-processor in conjunction with Hoedown to prevent client-side attacks. + * **Customizable renderers** `Hoedown` is not stuck with XHTML output: the Markdown parser of the library |
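Review bot: the added warning names `HTML_ESCAPE` and `HTML_SKIP` without saying what kind of setting they are or where a caller enables them, yet the reader who overlooks them is exactly the one exposed to the embedded-HTML problem that the removed "against client attacks through malicious embedded HTML" line used to claim was handled; add a pointer to where those options are documented. "A good post-processor" is also too vague to act on: state what it must do (sanitise the rendered HTML against an allow-list of tags and attributes before it reaches a browser). Finally, since this hunk walks back the client-side claim, the retained "protection against all possible DOS attacks" sentence should be narrowed to the classes actually listed (stack overflows, out of memory, malformed syntax) rather than "all possible".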