mirror_php/parsedown
1
0
Fork 0
mirror of https://github.com/erusev/parsedown.git synced 2025-01-16 20:28:29 +01:00
Code Issues Projects Releases Wiki Activity

Update README.md

Browse Source
This commit is contained in:
Emanuil Rusev 2023-10-13 11:08:28 +03:00 committed by GitHub
parent 6598f3860c
commit a86a4e19da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -68,15 +68,15 @@ Safe mode does not necessarily yield safe results when using extensions to Parse
## Escaping HTML
> **WARNING:** This method isn't safe from XSS!
> WARNING: This method isn't safe from XSS!
If you wish to escape HTML **in trusted input**, you can use the following:
If you wish to escape HTML in trusted input, you can use the following:
```php
$Parsedown->setMarkupEscaped(true);
```
Beware that this still allows users to insert unsafe scripting vectors, such as links like `[xss](javascript:alert%281%29)`.
Beware that this still allows users to insert unsafe scripting vectors, ex: `[xss](javascript:alert%281%29)`.
## Questions