mirror/php-parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2025-09-02 19:32:35 +02:00
Code Issues Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Emanuil Rusev
2023-10-13 11:09:51 +03:00
committed by GitHub
parent a86a4e19da
commit 0586729b46
1 changed files with 0 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@@ -62,8 +62,6 @@ If instead, you wish to allow HTML within untrusted user-input, but still want o
In both cases you should strongly consider employing defence-in-depth measures, like [deploying a Content-Security-Policy](https://scotthelme.co.uk/content-security-policy-an-introduction/) (a browser security feature) so that your page is likely to be safe even if an attacker finds a vulnerability in one of the first lines of defence above.
#### Security of Parsedown Extensions
Safe mode does not necessarily yield safe results when using extensions to Parsedown. Extensions should be evaluated on their own to determine their specific safety against XSS.
## Escaping HTML