The '--sanitize-html' option now examines URIs in markdown links

and images, and in HTML href and src attributes. If the URI scheme is not on a whitelist of safe schemes, it is rejected. The main point is to prevent cross-site scripting attacks using 'javascript:' URIs. See http://www.mail-archive.com/markdown-discuss@six.pairlist.net/msg01186.html and http://ha.ckers.org/xss.html. Resolves Issue #62. git-svn-id: https://pandoc.googlecode.com/svn/trunk@1262 788f1e2b-df1e-0410-8736-df70ead52e1b
author: fiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b> 2008-03-22 20:41:56 +0000
committer: fiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b> 2008-03-22 20:41:56 +0000
commit: 8624ed9bd3c38c1907070a3b7de244fd487976c4 (patch)
tree: a1bfab4317a80976768c31d65b7b3abf873192a9 /man/man1/html2markdown.1.md
parent: 4988441f3c44d8b80712aec8eb3359a3a584e669 (diff)
1 files changed, 0 insertions, 4 deletions
diff --git a/man/man1/html2markdown.1.md b/man/man1/html2markdown.1.md
index 1db37cf47..905bdd0d0 100644
--- a/man/man1/html2markdown.1.md
+++ b/man/man1/html2markdown.1.md
@@ -51,10 +51,6 @@ a complete list.  The following options are most relevant:
 \--no-wrap
 :   Disable text wrapping in output.  (Default is to wrap text.)
 
-\--sanitize-html
-:   Sanitizes HTML using a whitelist. Unsafe tags are replaced by HTML
-    comments; unsafe attributes are omitted.
-
 -H *FILE*, \--include-in-header=*FILE*
 :   Include contents of *FILE* at the end of the header.  Implies
     `-s`.
author	fiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b>	2008-03-22 20:41:56 +0000
committer	fiddlosopher <fiddlosopher@788f1e2b-df1e-0410-8736-df70ead52e1b>	2008-03-22 20:41:56 +0000
commit	8624ed9bd3c38c1907070a3b7de244fd487976c4 (patch)
tree	a1bfab4317a80976768c31d65b7b3abf873192a9 /man/man1/html2markdown.1.md
parent	4988441f3c44d8b80712aec8eb3359a3a584e669 (diff)