author | Xavier Mendez <jmendeth@gmail.com> | 2014-04-17 12:53:55 +0200 |
---|---|---|
committer | Xavier Mendez <jmendeth@gmail.com> | 2014-04-17 12:53:55 +0200 |
commit | 8ab482af918f6b5c296dca80f0c67e924c06b5c2 (patch) | |
tree | 80a1428ada6ba51e58efe5e5190750974c8a3130 /bin | |
parent | 9b29045c1118f818edf594001c312cc55c4561f3 (diff) | |
download | rust-hoedown-8ab482af918f6b5c296dca80f0c67e924c06b5c2.tar.gz |
html: Remove SKIP_{STYLE,IMAGES,LINKS} flags (see #62)
Even with these flags active, injections and XSS are still easily possible.
Providing full attribute checking, HTML validation, ... is out of the
scope of Hoedown, therefore these "security" features only create
a false sense of security rather than actually providing it.
Diffstat (limited to 'bin')
-rw-r--r-- | bin/hoedown.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/bin/hoedown.c b/bin/hoedown.c index c6b5bdc..49a22d9 100644 --- a/bin/hoedown.c +++ b/bin/hoedown.c @@ -74,14 +74,11 @@ static struct extension_info extensions_info[] = { static struct html_flag_info html_flags_info[] = { {HOEDOWN_HTML_SKIP_HTML, "skip-html", "Strip all HTML tags."}, - {HOEDOWN_HTML_SKIP_STYLE, "skip-style", "Strip <style> tags."}, - {HOEDOWN_HTML_SKIP_IMAGES, "skip-images", "Don't render images."}, - {HOEDOWN_HTML_SKIP_LINKS, "skip-links", "Don't render links."}, + {HOEDOWN_HTML_ESCAPE, "escape", "Escape all HTML."}, {HOEDOWN_HTML_EXPAND_TABS, "expand-tabs", "Expand tabs to spaces."}, {HOEDOWN_HTML_SAFELINK, "safelink", "Only allow links to safe protocols."}, {HOEDOWN_HTML_HARD_WRAP, "hard-wrap", "Render each linebreak as <br>."}, {HOEDOWN_HTML_USE_XHTML, "xhtml", "Render XHTML."}, - {HOEDOWN_HTML_ESCAPE, "escape", "Escape all HTML."}, }; static const char *category_prefix = "all-"; |
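Review bot: The three entries removed from html_flags_info ("skip-style", "skip-images", "skip-links") are option names this table exposes, so invocations that still pass them will no longer match any entry. That removal deserves a line in the changelog or usage text, so that anyone who relied on those options to filter untrusted input knows the rendered HTML has to be sanitized separately. The retained "skip-html" and "safelink" entries keep help strings ("Strip all HTML tags.", "Only allow links to safe protocols.") that read like security guarantees, which is the same false-sense-of-security concern the commit message raises; consider rewording them so they do not imply sanitization. Moving the HOEDOWN_HTML_ESCAPE entry up next to HOEDOWN_HTML_SKIP_HTML is an unrelated reorder and is worth a mention in the commit message.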