Add notes on security
wooorm committed Jul 18, 2019
1 parent 69646c8 commit 5d30f49
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions readme.md
Expand Up @@ -76,6 +76,12 @@ Options are passed to [`hast-util-to-mdast`][to-mdast].
Note that [`options.document`][document] defaults to `true` in `rehype-remark`,
as this plugin is mostly used with blocks.

## Security

Use of `rehype-remark` can open you up to a [cross-site scripting (XSS)][xss]
attack if the tree is unsafe.
Use [`rehype-sanitize`][sanitize] to make the tree safe.

## Related

* [`remark-rehype`](https://github.com/remarkjs/remark-rehype)
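Review bot: "if the tree is unsafe" leaves open which tree is meant and where in the pipeline the fix goes; since `rehype-sanitize` operates on the HTML (hast) tree that `rehype-remark` consumes, the section should say that it has to run before `rehype-remark` and that the concern is an untrusted HTML tree, so a reader does not attach the sanitizer after the conversion where it would have no effect. A wording along the lines of "Use of `rehype-remark` can open you up to a [cross-site scripting (XSS)][xss] attack if the HTML tree is untrusted. Use [`rehype-sanitize`][sanitize] before `rehype-remark` to make the tree safe." keeps the existing register and removes the ambiguity.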
Expand Down Expand Up @@ -159,3 +165,7 @@ abide by its terms.
[to-mdast]: https://github.com/syntax-tree/hast-util-to-mdast

[document]: https://github.com/syntax-tree/hast-util-to-mdast#optionsdocument

[xss]: https://en.wikipedia.org/wiki/Cross-site_scripting

[sanitize]: https://github.com/rehypejs/rehype-sanitize
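Review bot: both references introduced by the Security section, `[xss]` and `[sanitize]`, are defined here, so the readme has no dangling link reference after this change, and the definitions follow the existing one-definition-per-line, blank-line-separated layout of the list above them; nothing further to change in this hunk.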
