mirror of https://github.com/erusev/parsedown.git synced 2025-09-03 03:42:38 +02:00

Update README.md

Emanuil Rusev
2023-10-13 11:08:28 +03:00
committed by GitHub
parent 6598f3860c
commit a86a4e19da


@@ -68,15 +68,15 @@ Safe mode does not necessarily yield safe results when using extensions to Parse
## Escaping HTML
> **WARNING:** This method isn't safe from XSS!
> WARNING: This method isn't safe from XSS!
If you wish to escape HTML **in trusted input**, you can use the following:
If you wish to escape HTML in trusted input, you can use the following:
```php
$Parsedown->setMarkupEscaped(true);
```
Beware that this still allows users to insert unsafe scripting vectors, such as links like `[xss](javascript:alert%281%29)`.
Beware that this still allows users to insert unsafe scripting vectors, ex: `[xss](javascript:alert%281%29)`.
## Questions
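
Review bot: the un-bolded versions of the WARNING line and of "in trusted input" under "Escaping HTML" drop the only visual cue that `setMarkupEscaped(true)` is not an XSS defence and is meant for trusted input only. Since the last sentence of the section shows a `javascript:` link still passing through, I would keep the emphasis on both phrases. In that same last sentence, "ex:" is a non-standard abbreviation; "e.g." or "for example" reads more clearly, and the sentence could point readers handling untrusted input back to the safe mode section just above.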